关键信息 Title: Wekan <8.21 Improper access control on administrative migration methods (CWE) Description: Migration-related operations (including URL fixes) lacked sufficient authorization checks and accepted parameters that expanded scope. The fix removes the boardId parameter from some migration steps (making them global), and adds explicit authorization requiring board admin or instance admin for board-scoped migration execution, and admin checks for migration invocation. Source:  User: ) Submission: 01/20/2026 12:52 PM (16 days ago) Moderation: 02/04/2026 03:46 PM (15 days later) Status: Accepted VulDB entry:  [WeKan up to 8.20 Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration boardId MigrationBleed access control] Points: 19