WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without…

WeKan versions before 8.35 contain a server-side request forgery (SSRF) vulnerability in webhook integration URL handling. The vulnerability allows attackers who can create or modify integrations to set webhook URLs to internal network addresses. This causes the server to issue HTTP POST requests to attacker-controlled internal targets with full board event payloads. Additionally, attackers can exploit response handling to overwrite arbitrary comment text without proper authorization checks. The vulnerability stems from the url schema field accepting any string without protocol restriction or destination validation.