Primary

Context

WeKan Information Disclosure Vulnerability in Attachments Publication

Vulnerability

Patched

A vulnerability allowing information disclosure has been identified in WeKan versions prior to 8.19. This issue arises in the attachments publication, where metadata can be returned without properly restricting the results to boards and cards that the requesting user can access. As a result, there is a potential for unauthorized users to gain access to attachment metadata.

Impact

Exploitation of this vulnerability could lead to unauthorized access to attachment metadata, creating a risk of exposing sensitive information to users who should not have access.

Remediation

Users can upgrade to WeKan version 8.19 or later to address this vulnerability.

Added: Feb 7, 2026, 10:23 PM

Updated: Feb 7, 2026, 10:23 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.9

remediation

7.7

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.9

remediation

7.7

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WeKan Information Disclosure Vulnerability in Attachments Publication

Vulnerability

Impact

Remediation

Affected Products

WeKan

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating