CNNVD-202602-1090 Information
CNNVD ID
CNNVD-202602-1090
Related CVE
- CNNVD Published: 2026-02-07
Description (Chinese)
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.19之前版本存在安全漏洞,该漏洞源于附件发布中,附件元数据返回时未将结果正确限定在请求用户可访问的看板和卡片范围内,可能导致附件元数据泄露给未授权用户。
Description (English)
Wekan is a panel application from WeKan Open Source. There was a security loophole in the previous version of Wekan 8.19, which originated from the release of the attachment, and the return of the attachment metadata did not correctly limit the result to the panel and card that the requested user could access, which could lead to the release of the attachment metadata to unauthorized users.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WeKan
Published
2026-02-07
Last Modified
2026-02-24
References
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-attachments-publication-information-disclosure https://github.com/wekan/wekan/commit/6dfa3beb2b6ab23438d0f4395b84bf0749eb4820 https://access.redhat.com/security/cve/cve-2026-25562
Patch
https://github.com/wekan/wekan/releases
Share on: