漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WeKan < 8.35 Missing Authorization via Integration REST API
Vulnerability Description
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficient authorization checks in the JsonRoutes REST handlers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
WeKan 安全漏洞
Vulnerability Description
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.35之前版本存在安全漏洞,该漏洞源于Integration REST API端点授权检查不足,可能导致经过身份验证的板成员执行管理操作。
CVSS Information
N/A
Vulnerability Type
N/A