CVE-2021-3309
HIGH
Wekan < 4.87 - Improper Certificate Validation in LDAP Server
Title source: llm
Description
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
References (3)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/wekan/wekan/issues/3482
Patch, Third Party Advisory x_refsource_misc
https://github.com/wekan/wekan/pull/3483/commits/31f89121fecca5a761b05cc3a26d4f237e90b484
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/wekan/wekan/releases/tag/v4.87
Scores
CVSS v3
8.1
EPSS
0.0170
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-295
Status
published
Products (1)
wekan_project/wekan
< 4.87
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026