Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments
Vulnerability Description
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to. Version 2.2.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Vikunja 安全漏洞
Vulnerability Description
Vikunja是Vikunja开源的一个待办事项应用程序。 Vikunja 2.2.0之前版本存在安全漏洞,该漏洞源于API存在访问控制缺陷,可能导致经过身份验证的用户读取任意任务评论。
CVSS Information
N/A
Vulnerability Type
N/A