6.5
CVE-2026-1898
- EPSS 0.27%
- Veröffentlicht 05.02.2026 00:32:09
- Zuletzt bearbeitet 10.02.2026 21:46:48
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginWeKan LDAP User Sync syncUser.js SyncLDAPBleed access control
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able to mitigate this issue. Patch name: 146905a459106b5d00b4f09453a6554255e6965a. You should upgrade the affected component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wekan Project ≫ Wekan Version < 8.21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.177 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://github.com/wekan/wekan/
https://github.com/wekan/wekan/releases/tag/v8.21
https://vuldb.com/?id.344270
https://vuldb.com/?ctiid.344270
https://vuldb.com/?submit.742676
https://github.com/wekan/wekan/commit/146905a459106b5d00b4f09453a6554255e6965a