WeKan
cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*
- <= 8.20
An improper access control vulnerability has been identified in WeKan versions prior to 8.21. The issue resides in the Attachment Storage component, specifically in the file models/attachments.js. The affected code fails to enforce proper authorization and visibility checks for boards and attachments, which allows unauthorized manipulation of attachment storage workflows. As a result, unauthorized users could perform actions on attachment storage processes. The vulnerability can be exploited remotely.
Exploitation of this vulnerability could lead to unauthorized operations on attachment storage workflows, potentially allowing users to manipulate or access attachments without proper authorization.
Users are advised to upgrade to WeKan version 8.21, which addresses this vulnerability. The latest version can be downloaded from the WeKan GitHub Releases page.
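The class of flaw described above, shown as an added example that is not WeKan source code: a storage operation that trusts a caller-supplied attachment id, next to a version that resolves the owning board and checks visibility and write membership first. The data model, function names and backend names are hypothetical.

```javascript
'use strict';
// Added illustration with a hypothetical data model; not WeKan source code.
// Constructed sample data standing in for the board and attachment collections.
const boards = new Map([
  ['b-private', { permission: 'private', members: [
    { userId: 'alice', isActive: true, isReadOnly: false },
    { userId: 'bob', isActive: true, isReadOnly: true },
  ] }],
  ['b-public', { permission: 'public', members: [
    { userId: 'alice', isActive: true, isReadOnly: false },
  ] }],
]);
const attachments = new Map([
  ['att-1', { boardId: 'b-private', storage: 'fs' }],
  ['att-2', { boardId: 'b-public', storage: 'fs' }],
]);
const STORAGE_BACKENDS = new Set(['fs', 'gridfs', 's3']); // assumed backend names

// Flawed shape: trusts the caller-supplied id and never consults the board.
function moveStorageUnchecked(userId, attachmentId, target) {
  const att = attachments.get(attachmentId);
  att.storage = target;
  return att.storage;
}

// Visibility: public boards are readable by anyone, private ones by active members.
function canView(userId, board) {
  return board.permission === 'public' ||
    board.members.some((m) => m.userId === userId && m.isActive);
}

// Write access: an active, non-read-only member. Visibility alone is not enough.
function canModify(userId, board) {
  return canView(userId, board) &&
    board.members.some((m) => m.userId === userId && m.isActive && !m.isReadOnly);
}

// Hardened shape: validate input, resolve the owning board, then authorize.
function moveStorageChecked(userId, attachmentId, target) {
  if (typeof attachmentId !== 'string' || !STORAGE_BACKENDS.has(target)) {
    throw new Error('invalid-argument');
  }
  const att = attachments.get(attachmentId);
  const board = att && boards.get(att.boardId);
  // One error for "missing" and "forbidden" so attachment ids cannot be probed.
  if (!userId || !board || !canModify(userId, board)) throw new Error('not-authorized');
  att.storage = target;
  return att.storage;
}
```

When reviewing a deployment or a fork, the same question applies to every server-side entry point that accepts an attachment id: is the owning board looked up and the caller's membership checked before any state changes.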