WeKan Improper Access Control Vulnerability in Migration Operation Handler

A vulnerability allowing improper access control has been identified in WeKan versions prior to 8.21. The issue resides in the Migration Operation Handler, specifically within the ComprehensiveBoardMigration function of the file server/migrations/comprehensiveBoardMigration.js. The vulnerability arises from inadequate authorization checks for the boardId parameter, which can be manipulated to bypass access controls. This flaw can be exploited remotely, potentially leading to unauthorized access or actions within the application.

Impact

Exploitation of this vulnerability could result in unauthorized access to administrative migration functions, allowing users to perform migration operations without proper authorization. This could disrupt the application's data integrity and migration processes.

Reproduction

To reproduce this vulnerability, send a request to the WeKan application that includes a manipulated boardId parameter. This can be done through the application's API or by invoking the migration function that handles board migrations. The lack of proper authorization checks will allow the operation to be executed, bypassing access controls.

Remediation

Upgrade to WeKan version 8.21, which addresses this vulnerability by removing the boardId parameter from certain migration steps and implementing explicit authorization requirements. The patched version is available on the WeKan GitHub Releases page.