Vendor
Authorization flaws in Vikunja before version 2.2.1 allow authenticated users with read access to escalate privileges by obtaining admin-level share hashes via the LinkSharing.ReadAll endpoint, and also permit instance-wide data exfiltration and destruction by manipulating task attachments through an Insecure Direct Object Reference (IDOR) vulnerability in the GetTaskAttachment endpoint.