Security Fix 3: Card comment author spoofing (IDOR) via API.

Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec!
Lauri Ojansivu 2025-12-29 16:34:00 +02:00
parent 7ed76c180e
commit 67cb47173c
2 changed files with 3 additions and 10 deletions

@ -1115,12 +1115,6 @@ paths:
- multipart/form-data
- application/json
parameters:
- name: authorId
in: formData
description: |
the user who 'posted' the comment
type: string
required: true
- name: comment
in: formData
description: the comment value
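
Review bot: The parameters list for this endpoint should state how the comment author is now determined, because the `authorId` entry was marked `required: true` and existing API clients will keep sending it. With that entry gone from the spec, nothing in this hunk tells a client whether a supplied `authorId` is silently ignored or rejected. Suggest adding a sentence to the operation description saying that the author is taken from the authenticated user, and documenting the behaviour when the field is still present. Since this hunk only touches the API documentation, also confirm in the other changed file that the handler no longer reads `authorId` from the request body, so the spec and the enforcement stay in step.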