Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Read-only Vikunja users can delete project background images via broken object-level authorization
Vulnerability Description
Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the `DELETE /api/v1/projects/:project/background` endpoint checks `CanRead` permission instead of `CanUpdate`, allowing any user with read-only access to a project to permanently delete its background image. Version 2.2.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Vikunja 安全漏洞
Vulnerability Description
Vikunja是Vikunja开源的一个待办事项应用程序。 Vikunja 0.20.2至2.2.0之前版本存在安全漏洞,该漏洞源于DELETE /api/v1/projects/:project/background端点错误检查CanRead权限而非CanUpdate权限,可能导致具有只读权限的用户永久删除项目背景图片。
CVSS Information
N/A
Vulnerability Type
N/A