CNNVD-202512-2702 Information

CNNVD ID

CNNVD-202512-2702

Related CVE

CVE-2025-65779

• CNNVD Published: 2025-12-15

Description (Chinese)

WeKan是WeKan开源的一个看板应用程序。 WeKan 18.15及之前版本存在安全漏洞，该漏洞源于未经身份验证的攻击者可以更新板的sort值，可能导致任意重新排序。

Description (English)

Wekan is a panel application from WeKan Open Source. Wekan 18.15 and previous versions had a security loophole, which stemmed from the sort value of an unidentified attacker that could be updated and could lead to arbitrary reordering.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WeKan

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/wekan/wekan https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan–release https://github.com/wekan/wekan/commit/ea310d7508b344512e5de0dfbc9bdfd38145c5c5 https://wekan.fi/hall-of-fame/spacebleed/ https://access.redhat.com/security/cve/cve-2025-65779

Patch

https://github.com/wekan/wekan/releases