3 matches found
SUSE CVE-2026-33676
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...
GHSA-8CMM-J6C4-RR8V Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read
Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...
PT-2026-27449
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.2.1 Description Vikunja is a self-hosted task management platform. Before version 2.2.1, the API, when returning tasks, included complete task objects in the related tasks field without verifying if the user had...