ГлавнаяУязвимости → CVE-2025-65779
7.5высокая

CVE-2025-65779

Описание

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary reordering of boards.

Затрагиваемое ПО
Wekan project Wekan
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://github.com/wekan/wekanhttps://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--releasehttps://github.com/wekan/wekan/commit/ea310d7508b344512e5de0dfbc9bdfd38145c5c5https://wekan.fi/hall-of-fame/spacebleed/