CNNVD-202602-772 Information
CNNVD ID
CNNVD-202602-772
Related CVE
- CNNVD Published: 2026-02-05
Description (Chinese)
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.20及之前版本存在访问控制错误漏洞,该漏洞源于组件Attachment Migration中文件server/attachmentMigration.js的未知函数存在访问控制不当,可能导致远程攻击。
Description (English)
Wekan is a panel application from WeKan Open Source. We Kan 8.20 and previous versions have access control bugs, which stem from inappropriate access controls in the unknown function of fileserver/attachment Migration.js in component Attachment Migration, which may lead to a remote attack.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
WeKan
Published
2026-02-05
Last Modified
2026-02-24
References
https://github.com/wekan/wekan/ https://github.com/wekan/wekan/commit/053bf1dfb76ef230db162c64a6ed50ebedf67eee https://github.com/wekan/wekan/releases/tag/v8.21 https://vuldb.com/?ctiid.344484 https://vuldb.com/?id.344484 https://vuldb.com/?submit.742677
Patch
https://github.com/wekan/wekan/releases
Share on: