{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T23:52:33.934","vulnerabilities":[{"cve":{"id":"CVE-2026-30847","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T20:16:17.530","lastModified":"2026-03-11T14:22:57.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers() call to return all fields including highly sensitive data such as bcrypt password hashes, active session login tokens, email verification tokens, full email addresses, and any stored OAuth tokens. Unlike Meteor's default auto-publication which strips the services field for security, custom publications return whatever fields the cursor contains, meaning all subscribers receive the complete user documents. Any authenticated user who triggers this publication can harvest credentials and active session tokens for other users, enabling password cracking, session hijacking, and full account takeover. This issue has been fixed in version 8.34."},{"lang":"es","value":"Wekan es una herramienta kanban de código abierto construida con Meteor. En las versiones 8.31.0 a la 8.33, la publicación notificationUsers en Wekan publica documentos de usuario sin filtrar campos, lo que provoca que la llamada a ReactiveCache.getUsers() devuelva todos los campos, incluyendo datos altamente sensibles como hashes de contraseña bcrypt, tokens de inicio de sesión de sesión activa, tokens de verificación de correo electrónico, direcciones de correo electrónico completas y cualquier token OAuth almacenado. A diferencia de la auto-publicación predeterminada de Meteor, que elimina el campo services por seguridad, las publicaciones personalizadas devuelven todos los campos que contiene el cursor, lo que significa que todos los suscriptores reciben los documentos de usuario completos. Cualquier usuario autenticado que active esta publicación puede recolectar credenciales y tokens de sesión activa de otros usuarios, lo que permite el cracking de contraseñas, el secuestro de sesión y la toma de control total de la cuenta. Este problema ha sido solucionado en la versión 8.34."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*","versionStartIncluding":"8.31","versionEndExcluding":"8.33","matchCriteriaId":"82F22D3F-FA6B-485B-94AE-266CD62CC379"}]}]}],"references":[{"url":"https://github.com/wekan/wekan/commit/1c8667eae8b28739e43569b612ffdb2693c6b1ce","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/wekan/wekan/releases/tag/v8.34","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://securitylab.github.com/advisories/GHSL-2026-035_Wekan/","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}