fkie_cve-2017-15200
Vulnerability from fkie_nvd
Published
2017-10-11 01:32
Modified
2025-04-20 01:37
Severity ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*",
"matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*",
"matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user."
},
{
"lang": "es",
"value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir una nueva tarea a un proyecto privado de otro usuario."
}
],
"id": "CVE-2017-15200",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-11T01:32:54.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://kanboard.net/news/version-1.0.47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…