Vulnerabilites related to kanboard - kanboard
CVE-2023-33969 (GCVE-0-2023-33969)
Vulnerability from cvelistv5
Published
2023-06-05 19:57
Modified
2025-01-08 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9"
},
{
"name": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33969",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T16:00:38.348174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:00:50.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T19:57:11.800Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9"
},
{
"name": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c"
}
],
"source": {
"advisory": "GHSA-8qvf-9847-gpc9",
"discovery": "UNKNOWN"
},
"title": "Stored Cross site scripting in the Task External Link Functionality in Kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33969",
"datePublished": "2023-06-05T19:57:11.800Z",
"dateReserved": "2023-05-24T13:46:35.953Z",
"dateUpdated": "2025-01-08T16:00:50.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15207 (GCVE-0-2017-15207)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15207",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T16:48:23.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15212 (GCVE-0-2017-15212)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15212",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T20:01:48.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15210 (GCVE-0-2017-15210)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-17 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15210",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-17T01:07:02.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32685 (GCVE-0-2023-32685)
Vulnerability from cvelistv5
Published
2023-05-30 04:11
Modified
2025-01-10 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv"
},
{
"name": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7"
},
{
"name": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T20:35:34.497278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:35:42.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T04:11:50.569Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv"
},
{
"name": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7"
},
{
"name": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713"
}
],
"source": {
"advisory": "GHSA-hjmw-gm82-r4gv",
"discovery": "UNKNOWN"
},
"title": "Clipboard based cross-site scripting (blocked with default CSP) in Kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32685",
"datePublished": "2023-05-30T04:11:50.569Z",
"dateReserved": "2023-05-11T16:33:45.732Z",
"dateUpdated": "2025-01-10T20:35:42.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7324 (GCVE-0-2019-7324)
Vulnerability from cvelistv5
Published
2019-02-04 19:00
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html"
},
{
"name": "20190529 Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T03:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html"
},
{
"name": "20190529 Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/41"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f"
},
{
"name": "https://github.com/kanboard/kanboard/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.8"
},
{
"name": "http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html"
},
{
"name": "20190529 Reflected Cross-site Scripting Vulnerability in Kanboard 1.2.7",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/41"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7324",
"datePublished": "2019-02-04T19:00:00",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33970 (GCVE-0-2023-33970)
Vulnerability from cvelistv5
Published
2023-06-05 19:54
Modified
2025-01-08 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33970",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T16:01:21.772181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:01:46.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it\u0027s a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T19:54:38.686Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f"
}
],
"source": {
"advisory": "GHSA-wfch-8rhv-v286",
"discovery": "UNKNOWN"
},
"title": "Missing access control in internal task links feature in Kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33970",
"datePublished": "2023-06-05T19:54:38.686Z",
"dateReserved": "2023-05-24T13:46:35.954Z",
"dateUpdated": "2025-01-08T16:01:46.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51748 (GCVE-0-2024-51748)
Vulnerability from cvelistv5
Published
2024-11-11 19:20
Modified
2024-11-12 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"lessThan": "1.2.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:42:48.932355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:44:13.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:20:29.400Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p"
}
],
"source": {
"advisory": "GHSA-jvff-x577-j95p",
"discovery": "UNKNOWN"
},
"title": "Remote code execution through language setting in kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51748",
"datePublished": "2024-11-11T19:20:29.400Z",
"dateReserved": "2024-10-31T14:12:45.790Z",
"dateUpdated": "2024-11-12T14:44:13.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15206 (GCVE-0-2017-15206)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-17 02:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15206",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-17T02:20:49.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15205 (GCVE-0-2017-15205)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15205",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T22:09:15.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33956 (GCVE-0-2023-33956)
Vulnerability from cvelistv5
Published
2023-06-05 19:34
Modified
2025-01-08 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2"
},
{
"name": "https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T16:03:41.776228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:03:58.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application\u0027s URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application\u0027s security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T19:34:51.508Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2"
},
{
"name": "https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd"
}
],
"source": {
"advisory": "GHSA-r36m-44gg-wxg2",
"discovery": "UNKNOWN"
},
"title": "Parameter based Indirect Object Referencing leading to private file exposure in Kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33956",
"datePublished": "2023-06-05T19:34:51.508Z",
"dateReserved": "2023-05-24T13:46:35.952Z",
"dateUpdated": "2025-01-08T16:03:58.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15202 (GCVE-0-2017-15202)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 21:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15202",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T21:07:29.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15197 (GCVE-0-2017-15197)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-17 02:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15197",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-17T02:53:07.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15209 (GCVE-0-2017-15209)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 20:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15209",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T20:58:55.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15203 (GCVE-0-2017-15203)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 19:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15203",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T19:10:49.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15195 (GCVE-0-2017-15195)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15195",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T20:42:52.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55603 (GCVE-0-2024-55603)
Vulnerability from cvelistv5
Published
2024-12-18 23:52
Modified
2024-12-20 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`).
Thus, a session which's lifetime is already `> time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T20:10:11.562584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T20:12:10.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.43"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`).\nThus, a session which\u0027s lifetime is already `\u003e time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T23:52:57.327Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484"
},
{
"name": "https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78"
},
{
"name": "https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40"
},
{
"name": "https://www.php.net/manual/en/function.session-start.php",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php.net/manual/en/function.session-start.php"
},
{
"name": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor"
},
{
"name": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime"
},
{
"name": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability"
},
{
"name": "https://www.php.net/manual/en/sessionhandlerinterface.gc.php",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php.net/manual/en/sessionhandlerinterface.gc.php"
}
],
"source": {
"advisory": "GHSA-gv5c-8pxr-p484",
"discovery": "UNKNOWN"
},
"title": "Insufficient session invalidation in Kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55603",
"datePublished": "2024-12-18T23:52:57.327Z",
"dateReserved": "2024-12-09T14:22:52.524Z",
"dateUpdated": "2024-12-20T20:12:10.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36813 (GCVE-0-2023-36813)
Vulnerability from cvelistv5
Published
2023-07-05 21:05
Modified
2025-02-13 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx"
},
{
"name": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a"
},
{
"name": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5454"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"lessThan": "1.2.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T19:03:17.863218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T19:23:45.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T03:06:08.898Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx"
},
{
"name": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a"
},
{
"name": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31"
},
{
"url": "https://www.debian.org/security/2023/dsa-5454"
}
],
"source": {
"advisory": "GHSA-9gvq-78jp-jxcx",
"discovery": "UNKNOWN"
},
"title": "Kanboard Authenticated SQL Injections vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-36813",
"datePublished": "2023-07-05T21:05:53.347Z",
"dateReserved": "2023-06-27T15:43:18.383Z",
"dateUpdated": "2025-02-13T16:56:26.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15204 (GCVE-0-2017-15204)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-17 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15204",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-17T04:14:59.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12851 (GCVE-0-2017-12851)
Vulnerability from cvelistv5
Published
2017-08-14 20:00
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100352"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df",
"refsource": "CONFIRM",
"url": "https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12851",
"datePublished": "2017-08-14T20:00:00",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51747 (GCVE-0-2024-51747)
Vulnerability from cvelistv5
Published
2024-11-11 19:22
Modified
2024-11-12 01:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"lessThan": "1.2.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51747",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:44:34.370605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:45:29.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-27",
"description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:22:27.261Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v"
}
],
"source": {
"advisory": "GHSA-78pf-vg56-5p8v",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Read and Delete in kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51747",
"datePublished": "2024-11-11T19:22:27.261Z",
"dateReserved": "2024-10-31T14:12:45.790Z",
"dateUpdated": "2024-11-12T01:45:29.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15208 (GCVE-0-2017-15208)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15208",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T22:02:12.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15199 (GCVE-0-2017-15199)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15199",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T19:09:17.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46825 (GCVE-0-2025-46825)
Vulnerability from cvelistv5
Published
2025-05-12 22:53
Modified
2025-05-13 14:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46825",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:11:04.163310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:11:07.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.26, \u003c 1.2.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController\u0026action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T22:53:42.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v"
},
{
"name": "https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808"
},
{
"name": "https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564"
},
{
"name": "https://github.com/kanboard/kanboard/blame/v1.2.44/app/Template/project_view/importTasks.php#L11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/blame/v1.2.44/app/Template/project_view/importTasks.php#L11"
}
],
"source": {
"advisory": "GHSA-5wj3-c9v4-pj9v",
"discovery": "UNKNOWN"
},
"title": "Kanboard has stored Cross-site Scripting vulnerability in project name"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46825",
"datePublished": "2025-05-12T22:53:42.294Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-05-13T14:11:07.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15196 (GCVE-0-2017-15196)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15196",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T16:39:06.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15200 (GCVE-0-2017-15200)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15200",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T20:27:13.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55011 (GCVE-0-2025-55011)
Vulnerability from cvelistv5
Published
2025-08-12 15:57
Modified
2025-08-12 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55011",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:30:38.995283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:31:01.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.47"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:57:08.108Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"
},
{
"name": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681"
},
{
"name": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57"
}
],
"source": {
"advisory": "GHSA-26f4-rx96-xc55",
"discovery": "UNKNOWN"
},
"title": "Kanboard Path Traversal in File Write via Task File Upload Api"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55011",
"datePublished": "2025-08-12T15:57:08.108Z",
"dateReserved": "2025-08-04T17:34:24.422Z",
"dateUpdated": "2025-08-12T19:31:01.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22720 (GCVE-0-2024-22720)
Vulnerability from cvelistv5
Published
2024-01-24 00:00
Modified
2025-06-05 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22720",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:17:36.153012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T16:11:42.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T17:37:07.659Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22720",
"datePublished": "2024-01-24T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-06-05T16:11:42.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15211 (GCVE-0-2017-15211)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15211",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T18:33:26.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52560 (GCVE-0-2025-52560)
Vulnerability from cvelistv5
Published
2025-06-24 02:56
Modified
2025-06-24 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an attacker-controlled domain. If a victim (including an administrator) clicks the poisoned link, their account can be taken over. This affects all users who initiate a password reset while application_url is not set. This issue has been patched in version 1.2.46.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52560",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:02:34.318703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:02:43.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an attacker-controlled domain. If a victim (including an administrator) clicks the poisoned link, their account can be taken over. This affects all users who initiate a password reset while application_url is not set. This issue has been patched in version 1.2.46."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:56:26.589Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92"
},
{
"name": "https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75"
}
],
"source": {
"advisory": "GHSA-2ch5-gqjm-8p92",
"discovery": "UNKNOWN"
},
"title": "Kanboard Password Reset Poisoning via Host Header Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52560",
"datePublished": "2025-06-24T02:56:26.589Z",
"dateReserved": "2025-06-18T03:55:52.035Z",
"dateUpdated": "2025-06-24T15:02:43.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15201 (GCVE-0-2017-15201)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15201",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T18:24:25.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12850 (GCVE-0-2017-12850)
Vulnerability from cvelistv5
Published
2017-08-14 20:00
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
},
{
"name": "100352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
},
{
"name": "100352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae",
"refsource": "CONFIRM",
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
},
{
"name": "100352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12850",
"datePublished": "2017-08-14T20:00:00",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33968 (GCVE-0-2023-33968)
Vulnerability from cvelistv5
Published
2023-06-05 19:49
Modified
2025-01-08 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr"
},
{
"name": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33968",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T16:02:17.986864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:02:26.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T19:49:17.550Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr"
},
{
"name": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053"
}
],
"source": {
"advisory": "GHSA-gf8r-4p6m-v8vr",
"discovery": "UNKNOWN"
},
"title": "Missing Access Control allows User to move and duplicate tasks in Kanboard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33968",
"datePublished": "2023-06-05T19:49:17.550Z",
"dateReserved": "2023-05-24T13:46:35.953Z",
"dateUpdated": "2025-01-08T16:02:26.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55010 (GCVE-0-2025-55010)
Vulnerability from cvelistv5
Published
2025-08-12 15:57
Modified
2025-08-12 16:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55010",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T16:12:27.079857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:24:36.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.47"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event[\"data\"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:57:13.343Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r"
},
{
"name": "https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f"
},
{
"name": "https://github.com/kanboard/kanboard/blob/b033c0e0f982f8158e240bce8ab54c29727f8efe/app/Formatter/ProjectActivityEventFormatter.php#L43-L57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/blob/b033c0e0f982f8158e240bce8ab54c29727f8efe/app/Formatter/ProjectActivityEventFormatter.php#L43-L57"
}
],
"source": {
"advisory": "GHSA-359x-c69j-q64r",
"discovery": "UNKNOWN"
},
"title": "Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55010",
"datePublished": "2025-08-12T15:57:13.343Z",
"dateReserved": "2025-08-04T17:34:24.422Z",
"dateUpdated": "2025-08-12T16:24:36.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15198 (GCVE-0-2017-15198)
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-16 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15198",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-16T16:54:12.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3920 (GCVE-0-2014-3920)
Vulnerability from cvelistv5
Published
2014-07-03 14:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140702 Cross-Site Request Forgery (CSRF) in Kanboard",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kanboard.net/news"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140702 Cross-Site Request Forgery (CSRF) in Kanboard",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kanboard.net/news"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140702 Cross-Site Request Forgery (CSRF) in Kanboard",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"name": "http://kanboard.net/news",
"refsource": "CONFIRM",
"url": "http://kanboard.net/news"
},
{
"name": "https://www.htbridge.com/advisory/HTB23217",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3920",
"datePublished": "2014-07-03T14:00:00",
"dateReserved": "2014-05-29T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52576 (GCVE-0-2025-52576)
Vulnerability from cvelistv5
Published
2025-06-25 16:46
Modified
2025-06-25 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-203 - Observable Discrepancy
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52576",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T17:55:01.494974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T17:55:05.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T16:46:01.954Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1"
},
{
"name": "https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Model/UserLockingModel.php#L101-L104",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Model/UserLockingModel.php#L101-L104"
},
{
"name": "https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Subscriber/AuthSubscriber.php#L96-L108",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Subscriber/AuthSubscriber.php#L96-L108"
}
],
"source": {
"advisory": "GHSA-qw57-7cx6-wvp7",
"discovery": "UNKNOWN"
},
"title": "Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52576",
"datePublished": "2025-06-25T16:46:01.954Z",
"dateReserved": "2025-06-18T03:55:52.037Z",
"dateUpdated": "2025-06-25T17:55:05.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36399 (GCVE-0-2024-36399)
Vulnerability from cvelistv5
Published
2024-06-06 15:15
Modified
2024-08-02 03:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"lessThanOrEqual": "1.2.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T17:56:20.351547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:57:49.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "1.2.37"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the \u0027Project Manager\u0027 on a single project may take over any other project. The vulnerability is fixed in 1.2.37."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:15:46.978Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7"
}
],
"source": {
"advisory": "GHSA-x8v7-3ghx-65cv",
"discovery": "UNKNOWN"
},
"title": "Kanboard affected by Project Takeover via IDOR in ProjectPermissionController"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36399",
"datePublished": "2024-06-06T15:15:46.978Z",
"dateReserved": "2024-05-27T15:59:57.030Z",
"dateUpdated": "2024-08-02T03:37:05.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54001 (GCVE-0-2024-54001)
Vulnerability from cvelistv5
Published
2024-12-05 15:17
Modified
2024-12-05 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"lessThan": "1.2.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54001",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T16:40:28.043861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T16:41:45.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:17:47.891Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj"
}
],
"source": {
"advisory": "GHSA-4vvp-jf72-chrj",
"discovery": "UNKNOWN"
},
"title": "Kanboard allows a persistent HTML injection site scripting in settings page date format"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-54001",
"datePublished": "2024-12-05T15:17:47.891Z",
"dateReserved": "2024-11-25T23:14:36.384Z",
"dateUpdated": "2024-12-05T16:41:45.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-12-19 00:15
Modified
2025-03-12 17:42
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`).
Thus, a session which's lifetime is already `> time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40 | Product | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484 | Exploit, Vendor Advisory | |
| security-advisories@github.com | https://www.php.net/manual/en/function.session-start.php | Product | |
| security-advisories@github.com | https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor | Product | |
| security-advisories@github.com | https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime | Product | |
| security-advisories@github.com | https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability | Product | |
| security-advisories@github.com | https://www.php.net/manual/en/sessionhandlerinterface.gc.php | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E29EC0-1572-49D5-8077-7803D7AD75C3",
"versionEndExcluding": "1.2.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`).\nThus, a session which\u0027s lifetime is already `\u003e time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. En las versiones afectadas, las sesiones a\u00fan se pueden utilizar aunque su vida \u00fatil haya excedido. Kanboard implementa un gestionador de sesi\u00f3n personalizado (`app/Core/Session/SessionHandler.php`), para almacenar los datos de la sesi\u00f3n en una base de datos. Por lo tanto, cuando se proporciona un `session_id`, Kanboard consulta los datos de la tabla SQL `sessions`. En este punto, no verifica correctamente si un `session_id` dado ya ha excedido su vida \u00fatil (`expires_at`). Por lo tanto, una sesi\u00f3n cuya vida \u00fatil ya es `\u0026gt; time()`, a\u00fan se consulta desde la base de datos y, por lo tanto, es un inicio de sesi\u00f3n v\u00e1lido. La funci\u00f3n **SessionHandlerInterface::gc** implementada, que elimina sesiones no v\u00e1lidas, se llama solo **con cierta probabilidad** (_Limpia sesiones caducadas. Llamada por `session_start()`, basada en las configuraciones `session.gc_divisor`, `session.gc_probability` y `session.gc_maxlifetime`_) de acuerdo con la documentaci\u00f3n de php. En la imagen oficial de Docker de Kanboard, estos valores predeterminados son: session.gc_probability=1, session.gc_divisor=1000. Por lo tanto, una sesi\u00f3n caducada solo se termina con una probabilidad de 1/1000. Este problema se ha solucionado en la versi\u00f3n 1.2.43 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad."
}
],
"id": "CVE-2024-55603",
"lastModified": "2025-03-12T17:42:31.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-19T00:15:06.713",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.php.net/manual/en/function.session-start.php"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.php.net/manual/en/sessionhandlerinterface.gc.php"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 20:15
Modified
2024-11-21 08:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1",
"versionEndExcluding": "1.2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application\u0027s URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application\u0027s security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n"
}
],
"id": "CVE-2023-33956",
"lastModified": "2024-11-21T08:06:17.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-05T20:15:09.460",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir un enlace interno a un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15206",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede, por lo menos, ver los nombres de etiquetas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15212",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:55.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-11 20:15
Modified
2025-03-10 17:47
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F917D7-05A5-4979-8D67-E2420F100504",
"versionEndExcluding": "1.2.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. Un administrador de Kanboard autenticado puede ejecutar c\u00f3digo php arbitrario en el servidor en combinaci\u00f3n con la posibilidad de escritura de archivos. El idioma de la interfaz de usuario se determina y carga mediante la configuraci\u00f3n `application_language` en la tabla `settings`. Por lo tanto, un atacante que puede cargar un sqlite.db modificado a trav\u00e9s de la funci\u00f3n dedicada, tiene control sobre la ruta del archivo, que se carga. La explotaci\u00f3n de esta vulnerabilidad tiene una restricci\u00f3n: el atacante debe poder colocar un archivo (llamado traducciones.php) en el sistema. Sin embargo, esto no es imposible, piense en un servidor FTP an\u00f3nimo u otra aplicaci\u00f3n que permita cargar archivos. Una vez que el atacante ha colocado su archivo con el c\u00f3digo php real como payload, el atacante puede crear una configuraci\u00f3n de base de datos sqlite, que utiliza el path traversal para apuntar al directorio, donde se almacena el archivo `translations.php`. Luego, obtiene la ejecuci\u00f3n del c\u00f3digo despu\u00e9s de importar el sqlite.db manipulado. Este problema se ha solucionado en la versi\u00f3n 1.2.42 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-51748",
"lastModified": "2025-03-10T17:47:47.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-11T20:15:19.420",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede editar columnas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15202",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-05 16:15
Modified
2025-03-10 17:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB7A069-3FD0-41E0-930F-DAB3B1E9E814",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. Se puede inyectar y almacenar HTML en la secci\u00f3n de configuraci\u00f3n de la aplicaci\u00f3n. Los campos application_language, application_date_format,application_timezone y application_time_format permiten la entrada arbitraria del usuario, que se refleja. La vulnerabilidad puede convertirse en xss si la entrada del usuario es c\u00f3digo javascript que omite CSP. Esta vulnerabilidad se solucion\u00f3 en 1.2.41."
}
],
"id": "CVE-2024-54001",
"lastModified": "2025-03-10T17:33:24.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-05T16:15:26.650",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 22:15
Modified
2025-04-10 20:47
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/releases/tag/v1.2.31 | Release Notes | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://www.debian.org/security/2023/dsa-5454 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/releases/tag/v1.2.31 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5454 | Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1115246F-CC29-4940-B7B3-3F035EECE9AE",
"versionEndExcluding": "1.2.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue."
}
],
"id": "CVE-2023-36813",
"lastModified": "2025-04-10T20:47:18.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T22:15:09.770",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5454"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-11 20:15
Modified
2025-03-10 17:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F917D7-05A5-4979-8D67-E2420F100504",
"versionEndExcluding": "1.2.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. Un administrador de Kanboard autenticado puede leer y eliminar archivos arbitrarios del servidor. Los archivos adjuntos que se pueden ver o descargar en Kanboard se resuelven a trav\u00e9s de su entrada `path` en la base de datos SQLite `project_has_files`. Por lo tanto, un atacante que puede cargar una base de datos sqlite.db modificada a trav\u00e9s de la funci\u00f3n dedicada, puede establecer enlaces de archivos arbitrarios, abusando de los path traversals. Una vez que se carga la base de datos modificada y se accede a la p\u00e1gina del proyecto, se puede activar una descarga de archivo y se pueden descargar todos los archivos, legibles en el contexto de los permisos de la aplicaci\u00f3n Kanboard. Este problema se ha solucionado en la versi\u00f3n 1.2.42 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"id": "CVE-2024-51747",
"lastModified": "2025-03-10T17:50:49.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-11T20:15:19.197",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-27"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede editar etiquetas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15201",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir acciones autom\u00e1ticas a un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15204",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 20:15
Modified
2024-11-21 08:06
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1",
"versionEndExcluding": "1.2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it\u0027s a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"id": "CVE-2023-33970",
"lastModified": "2024-11-21T08:06:19.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-05T20:15:09.980",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede editar metadatos de un proyecto privado de otro usuario, tal y como demuestra Name, Email, Identifier y Description."
}
],
"id": "CVE-2017-15199",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede ver miniaturas de im\u00e1genes de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15210",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:55.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-30 05:15
Modified
2024-11-21 08:03
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14326D4F-06FA-4C19-B1F5-763D2D9F6AAD",
"versionEndExcluding": "1.2.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.\n"
}
],
"id": "CVE-2023-32685",
"lastModified": "2024-11-21T08:03:50.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-30T05:15:11.770",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede eliminar adjuntos de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15209",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:55.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede descargar adjuntos de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15205",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir un enlace interno a un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15211",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:55.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-25 17:15
Modified
2025-08-22 18:23
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Model/UserLockingModel.php#L101-L104 | Product | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Subscriber/AuthSubscriber.php#L96-L108 | Product | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7 | Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D20FE2-A681-49ED-B6E6-1218CDDD6759",
"versionEndExcluding": "1.2.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos centrado en la metodolog\u00eda Kanban. Antes de la versi\u00f3n 1.2.46, Kanboard era vulnerable a la enumeraci\u00f3n de nombres de usuario y a la elusi\u00f3n de la protecci\u00f3n por fuerza bruta basada en suplantaci\u00f3n de IP. Al analizar el comportamiento de inicio de sesi\u00f3n y abusar de los encabezados HTTP de confianza, un atacante puede determinar nombres de usuario v\u00e1lidos y eludir los mecanismos de limitaci\u00f3n o bloqueo. Cualquier organizaci\u00f3n que ejecute una instancia de Kanboard de acceso p\u00fablico se ve afectada, especialmente si utiliza protecciones basadas en IP como Fail2Ban o CAPTCHA para la limitaci\u00f3n de la tasa de inicio de sesi\u00f3n. Los atacantes con acceso a la p\u00e1gina de inicio de sesi\u00f3n pueden explotar esta vulnerabilidad para enumerar nombres de usuario v\u00e1lidos y eludir los mecanismos de bloqueo basados en IP, lo que aumenta el riesgo de ataques de fuerza bruta o robo de credenciales. La versi\u00f3n 1.2.46 incluye un parche para solucionar este problema."
}
],
"id": "CVE-2025-52576",
"lastModified": "2025-08-22T18:23:53.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-25T17:15:39.023",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Model/UserLockingModel.php#L101-L104"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/kanboard/kanboard/blob/cbb7e60fb595ff4572bb8801b275a0b451c4bda0/app/Subscriber/AuthSubscriber.php#L96-L108"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-06 16:15
Modified
2024-11-21 09:22
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8A13B9-1EFA-484F-82D7-DEAF65D20165",
"versionEndExcluding": "1.2.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the \u0027Project Manager\u0027 on a single project may take over any other project. The vulnerability is fixed in 1.2.37."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. La vulnerabilidad est\u00e1 en la funci\u00f3n addUser() de app/Controller/ProjectPermissionController.php. El permiso de los usuarios para agregar usuarios a un proyecto solo se verifica en el par\u00e1metro de URL project_id. Si el usuario est\u00e1 autorizado a agregar usuarios a este proyecto, la solicitud se procesa. El permiso de los usuarios para el par\u00e1metro POST BODY project_id no se vuelve a verificar durante el procesamiento. Un atacante con el \u0027Gerente de Proyecto\u0027 en un \u00fanico proyecto puede hacerse cargo de cualquier otro proyecto. La vulnerabilidad se solucion\u00f3 en 1.2.37."
}
],
"id": "CVE-2024-36399",
"lastModified": "2024-11-21T09:22:06.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-06T16:15:12.573",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-285"
},
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede eliminar acciones autom\u00e1ticas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15208",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:55.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede eliminar columnas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15196",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 20:15
Modified
2024-11-21 08:06
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1",
"versionEndExcluding": "1.2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"id": "CVE-2023-33968",
"lastModified": "2024-11-21T08:06:18.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-05T20:15:09.750",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-12 16:15
Modified
2025-08-22 17:15
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57 | Product | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55 | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8725B482-0964-41C2-9E52-AB3DB5BE0976",
"versionEndExcluding": "1.2.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos basado en la metodolog\u00eda Kanban. Antes de la versi\u00f3n 1.2.47, el m\u00e9todo createTaskFile de la API no validaba si el par\u00e1metro task_id era un ID de tarea v\u00e1lido ni verificaba path traversal. Por lo tanto, un usuario malicioso podr\u00eda escribir un archivo en cualquier parte del sistema que controle el usuario de la aplicaci\u00f3n. El impacto es limitado debido a que el nombre del archivo est\u00e1 codificado y no tiene extensi\u00f3n. Este problema se ha corregido en la versi\u00f3n 1.2.47."
}
],
"id": "CVE-2025-55011",
"lastModified": "2025-08-22T17:15:47.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-12T16:15:28.700",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir una nueva categor\u00eda a un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15197",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-03 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://kanboard.net/news | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/532619/100/0/threaded | ||
| cve@mitre.org | https://www.htbridge.com/advisory/HTB23217 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://kanboard.net/news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/532619/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.htbridge.com/advisory/HTB23217 | Exploit |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E8932A-E46B-4F82-9433-923FBDDBA935",
"versionEndIncluding": "1.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en Kanboard anterior a 1.0.6 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que a\u00f1aden un usuario administrativo a trav\u00e9s de una acci\u00f3n de guardar en la URI por defecto."
}
],
"id": "CVE-2014-3920",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-03T14:55:08.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kanboard.net/news"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kanboard.net/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede editar tareas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15207",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede editar una categor\u00eda de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15198",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-12 23:15
Modified
2025-07-11 14:41
Severity ?
Summary
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/blame/v1.2.44/app/Template/project_view/importTasks.php#L11 | Product | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564 | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD04A5B-FCB2-4AF3-B5D8-56ACC4EC796D",
"versionEndExcluding": "1.2.45",
"versionStartIncluding": "1.2.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController\u0026action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos basado en la metodolog\u00eda Kanban. Las versiones 1.2.26 a 1.2.44 presentan una vulnerabilidad de Cross Site Scripting (XSS) almacenado en el par\u00e1metro `name` del formulario `http://localhost/?controller=ProjectCreationController\u0026amp;action=create`. Esta vulnerabilidad permite a los atacantes inyectar scripts maliciosos en p\u00e1ginas web visitadas por otros usuarios. Tenga en cuenta que la pol\u00edtica de seguridad de contenido (CSP) predeterminada bloquea el ataque de JavaScript, aunque puede explotarse si una instancia est\u00e1 mal configurada y el software es vulnerable a la inyecci\u00f3n de CSS debido a la funci\u00f3n unsafe-inline de la CSP predeterminada. La versi\u00f3n 1.2.45 contiene una soluci\u00f3n para este problema."
}
],
"id": "CVE-2025-46825",
"lastModified": "2025-07-11T14:41:27.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-05-12T23:15:25.350",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/kanboard/kanboard/blame/v1.2.44/app/Template/project_view/importTasks.php#L11"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-24 18:15
Modified
2025-06-05 16:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "18A3F10C-E5F4-4506-801E-5D0C3CD322B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature."
},
{
"lang": "es",
"value": "Kanboard 1.2.34 es vulnerable a la inyecci\u00f3n HTML en la funci\u00f3n de administraci\u00f3n de grupos."
}
],
"id": "CVE-2024-22720",
"lastModified": "2025-06-05T16:15:26.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-24T18:15:08.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede editar calles de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15195",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-14 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/100352 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100352 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0BD9E9-7C97-4DAD-842F-0D05D1EF2EF9",
"versionEndIncluding": "1.0.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46."
},
{
"lang": "es",
"value": "Un usuario est\u00e1ndar autenticado podr\u00eda resetear la contrase\u00f1a de otros usuarios (incluyendo al administrador) alterando los datos del formulario. Afecta a kanboard en versiones anteriores a la 1.0.46."
}
],
"id": "CVE-2017-12850",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-14T20:29:00.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100352"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-14 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/100352 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100352 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0BD9E9-7C97-4DAD-842F-0D05D1EF2EF9",
"versionEndIncluding": "1.0.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46."
},
{
"lang": "es",
"value": "Un usuario est\u00e1ndar autenticado podr\u00eda resetear la contrase\u00f1a del administrador alterando los datos del formulario. Afecta a kanboard en versiones anteriores a la 1.0.46."
}
],
"id": "CVE-2017-12851",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-14T20:29:00.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100352"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir una nueva tarea a un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15200",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 20:15
Modified
2024-11-21 08:06
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1",
"versionEndExcluding": "1.2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.\n\n"
}
],
"id": "CVE-2023-33969",
"lastModified": "2024-11-21T08:06:19.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-05T20:15:09.867",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kanboard | kanboard | 1.0.0 | |
| kanboard | kanboard | 1.0.1 | |
| kanboard | kanboard | 1.0.2 | |
| kanboard | kanboard | 1.0.3 | |
| kanboard | kanboard | 1.0.4 | |
| kanboard | kanboard | 1.0.5 | |
| kanboard | kanboard | 1.0.6 | |
| kanboard | kanboard | 1.0.7 | |
| kanboard | kanboard | 1.0.8 | |
| kanboard | kanboard | 1.0.9 | |
| kanboard | kanboard | 1.0.10 | |
| kanboard | kanboard | 1.0.11 | |
| kanboard | kanboard | 1.0.12 | |
| kanboard | kanboard | 1.0.13 | |
| kanboard | kanboard | 1.0.14 | |
| kanboard | kanboard | 1.0.15 | |
| kanboard | kanboard | 1.0.16 | |
| kanboard | kanboard | 1.0.17 | |
| kanboard | kanboard | 1.0.18 | |
| kanboard | kanboard | 1.0.19 | |
| kanboard | kanboard | 1.0.20 | |
| kanboard | kanboard | 1.0.21 | |
| kanboard | kanboard | 1.0.22 | |
| kanboard | kanboard | 1.0.23 | |
| kanboard | kanboard | 1.0.24 | |
| kanboard | kanboard | 1.0.25 | |
| kanboard | kanboard | 1.0.26 | |
| kanboard | kanboard | 1.0.27 | |
| kanboard | kanboard | 1.0.28 | |
| kanboard | kanboard | 1.0.29 | |
| kanboard | kanboard | 1.0.30 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.31 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.32 | |
| kanboard | kanboard | 1.0.33 | |
| kanboard | kanboard | 1.0.34 | |
| kanboard | kanboard | 1.0.35 | |
| kanboard | kanboard | 1.0.36 | |
| kanboard | kanboard | 1.0.37 | |
| kanboard | kanboard | 1.0.38 | |
| kanboard | kanboard | 1.0.39 | |
| kanboard | kanboard | 1.0.40 | |
| kanboard | kanboard | 1.0.41 | |
| kanboard | kanboard | 1.0.42 | |
| kanboard | kanboard | 1.0.43 | |
| kanboard | kanboard | 1.0.44 | |
| kanboard | kanboard | 1.0.45 | |
| kanboard | kanboard | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede eliminar categor\u00edas de un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15203",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-04 19:29
Modified
2024-11-21 04:48
Severity ?
Summary
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/May/41 | ||
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f | Patch | |
| cve@mitre.org | https://github.com/kanboard/kanboard/releases/tag/v1.2.8 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/May/41 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/releases/tag/v1.2.8 | Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55959606-33E3-49AF-8D2C-57B8F0FD1F3A",
"versionEndExcluding": "1.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting."
},
{
"lang": "es",
"value": "app/Core/Paginator.php en Kanboard, en versiones anteriores a la 1.2.8, tiene Cross-Site Scripting (XSS) en la ordenaci\u00f3n de paginaci\u00f3n."
}
],
"id": "CVE-2019-7324",
"lastModified": "2024-11-21T04:48:00.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T19:29:00.320",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/41"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-12 16:15
Modified
2025-08-22 17:28
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/kanboard/kanboard/blob/b033c0e0f982f8158e240bce8ab54c29727f8efe/app/Formatter/ProjectActivityEventFormatter.php#L43-L57 | Product | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f | Patch | |
| security-advisories@github.com | https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8725B482-0964-41C2-9E52-AB3DB5BE0976",
"versionEndExcluding": "1.2.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event[\"data\"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos basado en la metodolog\u00eda Kanban. Antes de la versi\u00f3n 1.2.47, una vulnerabilidad de deserializaci\u00f3n insegura en ProjectEventActvityFormatter permit\u00eda a los administradores instanciar objetos PHP arbitrarios modificando el campo event[\"data\"] en la tabla project_activities. Un atacante puede actualizar este campo para usar un gadget PHP y escribir un shell web en la carpeta /plugins, lo que permite la ejecuci\u00f3n remota de c\u00f3digo en el sistema host. Este problema se ha corregido en la versi\u00f3n 1.2.47."
}
],
"id": "CVE-2025-55010",
"lastModified": "2025-08-22T17:28:18.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-12T16:15:28.540",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/kanboard/kanboard/blob/b033c0e0f982f8158e240bce8ab54c29727f8efe/app/Formatter/ProjectActivityEventFormatter.php#L43-L57"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}