Kanboard
CVE-2017-15199
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
AnalysisAI
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-639. In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Affected products include: Kanboard. Version information: before 1.0.47.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The applic
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 8.8), this vul
Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation rest
Kanboard prior to version 1.2.46 contains a host header injection vulnerability that allows unauthenticated attackers to
Broken object-level authorization in Kanboard through 1.2.52 lets any authenticated user who belongs to at least one pro
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentic
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this v
Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS
Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.3), this v
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today