漏洞关键信息 漏洞编号: 742677 漏洞标题: Wekan <8.21 Improper access control on migration endpoints (CWE-284) 描述: Attachment migration methods did not consistently enforce that the caller had sufficient privileges for the target board. The fix adds checks requiring the user be a board admin or instance admin for migration execution, and requires board visibility for progress/status style calls. 来源: https://github.com/wekan/wekan/commit/053bf1dfb76ef230db162c64a6ed50ebedf67eee 提交人: MegaManSec (UID 94702) 提交时间: 2023-02-20 12:56 PM (16 days ago) 审核时间: 2023-02-05 11:52 AM (16 days later) 状态: Accepted VulDB条目编号: 344484 相关条目: WeKan up to 8.20 Attachment Migration attachmentMigration.js AttachmentMigrationBleed access control 得分: 17