11 matches found
SUSE CVE-2026-33676
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...
CVE-2026-33676
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...
Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read
Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the addRelatedTasksToTasks function. An attacker can obtain unauthorized access to sensitive task metadata from projects they do not have permission to view by reading tasks that have cross-project relations...
EUVD-2026-14917
Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read...
GHSA-8CMM-J6C4-RR8V Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read
Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...
Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read
When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will receive...
CVE-2026-33676
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...
CVE-2026-33676
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...
PT-2026-27449
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.2.1 Description Vikunja is a self-hosted task management platform. Before version 2.2.1, the API, when returning tasks, included complete task objects in the related tasks field without verifying if the user had...
Fedora Update for thunderbird-lightning FEDORA-2012-15863
Check for the Version of thunderbird-lightning OpenVAS Vulnerability Test Fedora Update for thunderbird-lightning FEDORA-2012-15863 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...