CVE-2021-3309

CVE-2021-3309

EPSS 1.7%

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/wekan/wekan/issues/3482 https://github.com/wekan/wekan/pull/3483/commits/31f89121fecca5a761b05cc3a26d4f237e90b484 https://github.com/wekan/wekan/releases/tag/v4.87