CNNVD-202512-2700 Information
CNNVD ID
CNNVD-202512-2700
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
WeKan是WeKan开源的一个看板应用程序。 WeKan 18.15及之前版本存在安全漏洞,该漏洞源于附件上传API将Authorization bearer值视为userId,可能导致应用程序层拒绝服务和身份欺骗。
Description (English)
Wekan is a panel application from WeKan Open Source. WeKan 18.15 and previous versions have a security loophole, which stems from the uploading of the API ’ s view of Authorization bearer ’ s value as “userId " , which could lead to application-level denial of service and identity fraud.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WeKan
Published
2025-12-15
Last Modified
2026-02-24
References
https://github.com/wekan/wekan https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan–release https://github.com/wekan/wekan/commit/ccd90343394f433b287733ad0a33c08e0a71f53c https://wekan.fi/hall-of-fame/spacebleed/ https://access.redhat.com/security/cve/cve-2025-65781
Patch
https://github.com/wekan/wekan/releases
Share on: