Product
Vikunja Unauthenticated Instance-Wide Data Breach via Link Share and IDOR
2 rules 6 TTPsChained authorization flaws in Vikunja allow an unauthenticated attacker to download and delete all file attachments across all projects by disclosing share hashes and exploiting cross-project attachment access.
Vikunja TOTP Two-Factor Authentication Bypass via OIDC Login
2 rules 1 TTP 3 IOCsVikunja version 2.2.2 and earlier has a two-factor authentication bypass vulnerability via the OIDC login path, where TOTP enrollment is ignored when a local user with TOTP enabled is matched via OIDC email fallback, allowing attackers with a matching email address in the OIDC provider to gain access without the second factor.
Vikunja Link Share Hash Disclosure Leads to Privilege Escalation
2 rules 2 TTPsThe Vikunja application is vulnerable to privilege escalation, where the LinkSharing.ReadAll() method permits authenticated users to list all link shares, including secret hashes, without proper authorization checks, allowing an attacker with a read-only link share to escalate to full admin access.