CVE Vulnerability name Date Responsible Security Disclosure by Vulnerabilities

2021-01-11 EET xet7 - maintainer of Wekan

Did not notice the security issue originally when merging a new feature from a pull request. Fixed the issue when it was finally noticed in production on the Wekan demo server.
  • Due Cards and Broken Cards: As Admin user, in the All Users view of Due Cards and Broken Cards, fixed to not show cards from other users' private boards. This affected only a logged-in Admin user, not other logged-in users.
  • Affected Wekan v4.73-v4.74
  • Fixed at Wekan v4.75 2021-01-11
  • More details at GitHub issue and fixed code

Timeline Details
2021-01-11 EET xet7 was checking and merging this pull request. xet7 did not notice that it also showed cards from other users' private boards, until testing on It was then noticed on xet7's own server.
2021-01-11 Wekan v4.75 2021-01-11 released by xet7 with fix.

