Affected by GO-2026-4480 and 21 other vulnerabilities
GO-2026-4480: Vikunja Vulnerable to XSS Via Task Preview in code.vikunja.io/api
GO-2026-4551: Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api
GO-2026-4552: Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api
GO-2026-4553: Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure in code.vikunja.io/api
GO-2026-4556: Vikunja has Path Traversal in CLI Restore in code.vikunja.io/api
GO-2026-4575: Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse in code.vikunja.io/api
GO-2026-4791: Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers in code.vikunja.io/api
GO-2026-4794: Vikunja has a 2FA Bypass via Caldav Basic Auth in code.vikunja.io/api
GO-2026-4795: Vikunja read-only users can delete project background images via broken object-level authorization in code.vikunja.io/api
GO-2026-4797: Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments in code.vikunja.io/api
GO-2026-4798: Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement in code.vikunja.io/api
GO-2026-4805: Vikunja has TOTP Reuse During Validity Window in code.vikunja.io/api
GO-2026-4811: Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api
GO-2026-4846: Vikunja: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API in code.vikunja.io/api
GO-2026-4847: Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api
GO-2026-4848: Vikunja: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation in code.vikunja.io/api
GO-2026-4849: Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect in code.vikunja.io/api
GO-2026-4850: Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion in code.vikunja.io/api
GO-2026-4851: Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api
GO-2026-4852: Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download in code.vikunja.io/api
GO-2026-4853: Vikunja: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api
GO-2026-4855: Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR in code.vikunja.io/api
AuthURL returns the URL users need to authenticate against
@Summary Get the auth url from Microsoft Todo
@Description Returns the auth URL where the user needs to get their auth code. This code can then be used to migrate everything from Microsoft Todo to Vikunja.
@tags migration
@Produce json
@Security JWTKeyAuth
@Success 200 {object} handler.AuthURL "The auth url."
@Failure 500 {object} models.Message "Internal server error"
@Router /migration/microsoft-todo/auth [get]
Migrate gets all tasks from Microsoft Todo for a user and puts them into Vikunja
@Summary Migrate all projects, tasks etc. from Microsoft Todo
@Description Migrates all tasklists, tasks, notes and reminders from Microsoft Todo to Vikunja.
@tags migration
@Accept json
@Produce json
@Security JWTKeyAuth
@Param migrationCode body microsofttodo.Migration true "The auth token previously obtained from the auth url. See the docs for /migration/microsoft-todo/auth."
@Success 200 {object} models.Message "A message telling you everything was migrated successfully."
@Failure 500 {object} models.Message "Internal server error"
@Router /migration/microsoft-todo/migrate [post]
Name is used to get the name of the Microsoft Todo migration - we're using the docs here to annotate the status route.
@Summary Get migration status
@Description Returns whether the current user has already done the migration. This is useful to show a confirmation message in the frontend if the user is trying to do the same migration again.
@tags migration
@Produce json
@Security JWTKeyAuth
@Success 200 {object} migration.Status "The migration status"
@Failure 500 {object} models.Message "Internal server error"
@Router /migration/microsoft-todo/status [get]