Kanboard
Monthly
An authenticated SQL injection vulnerability exists in Kanboard project management software prior to version 1.2.51. An authenticated attacker with permission to add users to a project can exploit it to dump the entire Kanboard database, potentially exposing project data, user credentials and application secrets. The issue is tracked by Debian (two releases) and Ubuntu (medium priority), and a GitHub Security Advisory has been published.
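The mechanism behind this class of bug, as an added example that is not part of the original advisory and not Kanboard's code: a lookup that splices the caller's value into the statement text beside the parameterised form. The schema, rows, hashes and token are constructed for the demonstration and do not reflect Kanboard's real tables; SQLite stands in for whatever database backs the instance.

```python
import sqlite3

# Constructed sample schema and rows for the demonstration; this is not
# Kanboard's real schema, and the hashes and token are placeholders.
SAMPLE_USERS = [
    (1, "admin", "$2y$10$adminhash", "app-admin"),
    (2, "alice", "$2y$10$alicehash", "app-user"),
    (3, "bob", "$2y$10$bobhash", "app-user"),
]
SAMPLE_SETTINGS = [("api_token", "constructed-secret-token")]


def make_db():
    """In-memory SQLite database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT, role TEXT)")
    conn.execute("CREATE TABLE settings (option TEXT, value TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO settings VALUES (?, ?)", SAMPLE_SETTINGS)
    return conn


def lookup_user_vulnerable(conn, username):
    """Splices the caller-controlled value into the statement text."""
    sql = "SELECT id, username, password, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    """Binds the value as a parameter; the driver never parses it as SQL."""
    sql = "SELECT id, username, password, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payloads: the first widens the WHERE clause to every row, the
# second pulls rows out of an unrelated table through a UNION whose column
# count matches the original SELECT. This is how a single injectable lookup
# turns into a dump of the whole database.
TAUTOLOGY = "' OR 1=1 --"
UNION_DUMP = "' UNION SELECT 0, option, value, '' FROM settings --"

if __name__ == "__main__":
    db = make_db()
    print(lookup_user_vulnerable(db, TAUTOLOGY))   # every user row, hashes included
    print(lookup_user_vulnerable(db, UNION_DUMP))  # the api_token row
    print(lookup_user_safe(db, TAUTOLOGY))         # []
```

The parameterised form is the whole fix; escaping quotes by hand is not a substitute, because the driver-level binding keeps the value out of the statement parser entirely.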
Kanboard project management software contains a privilege escalation vulnerability in its user invite registration endpoint that allows invited users to inject the 'role=app-admin' parameter during account creation, granting themselves administrator privileges. This affects all Kanboard versions prior to 1.2.51. The vulnerability has documented proof-of-concept exploitation capability (CVSS E:P indicates PoC exists) and carries a CVSS 4.0 score of 7.0 with high integrity impact to both the vulnerable system and subsequent components.
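The pattern described here is mass assignment: a registration handler that copies every submitted field into the new account record, including one the client was never meant to set. The following is an added example, not Kanboard's code. "app-admin" is the role named in the advisory; the other role names, the field names and the invite structure are assumed for illustration.

```python
# Application roles: "app-admin" is the value named in the advisory; the other
# two are assumed here for illustration.
VALID_ROLES = {"app-admin", "app-manager", "app-user"}
DEFAULT_INVITE_ROLE = "app-user"
# Fields the invited user is allowed to supply about themselves (assumed).
CLIENT_FIELDS = {"name", "password"}


class RegistrationError(ValueError):
    pass


def register_invitee_vulnerable(form, invite):
    """Merges every POST field into the account record (mass assignment)."""
    account = {"username": invite["email"], "role": DEFAULT_INVITE_ROLE}
    account.update(form)          # a client-supplied role=app-admin lands here
    return account


def register_invitee_safe(form, invite):
    """Builds the record from an allowlist; the role comes from the invite only."""
    extra = set(form) - CLIENT_FIELDS
    if extra:
        raise RegistrationError("unexpected fields: %s" % sorted(extra))
    role = invite.get("role", DEFAULT_INVITE_ROLE)
    if role not in VALID_ROLES:
        raise RegistrationError("invite carries unknown role %r" % role)
    account = {field: form[field] for field in CLIENT_FIELDS if field in form}
    account["username"] = invite["email"]
    account["role"] = role        # server-side decision, bound to the invite
    return account


def rejected(form, invite):
    """True when the hardened handler refuses the request."""
    try:
        register_invitee_safe(form, invite)
    except RegistrationError:
        return True
    return False


# Constructed request as an invited user could send it, with the extra field.
INVITE = {"email": "newhire@example.org", "token": "constructed-invite-token"}
FORGED_FORM = {"name": "New Hire", "password": "hunter2", "role": "app-admin"}
LEGIT_FORM = {"name": "New Hire", "password": "hunter2"}

if __name__ == "__main__":
    print(register_invitee_vulnerable(FORGED_FORM, INVITE)["role"])  # app-admin
    print(rejected(FORGED_FORM, INVITE))                             # True
    print(register_invitee_safe(LEGIT_FORM, INVITE)["role"])         # app-user
```

Whether the hardened handler rejects the request or silently drops the field is a design choice; rejecting makes probing visible in the logs, which is usually what you want for a privilege-bearing field.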
Kanboard versions prior to 1.2.50 allow authenticated users to duplicate tasks into projects they have no access to, because of insufficient validation in the TaskCreationController endpoint. This lets users copy sensitive tasks across project boundaries they should not be able to cross. The flaw is an incomplete fix for an earlier authorization bypass, and public exploit code exists.
Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation restrictions and execute arbitrary code on the server. The vulnerability stems from a configuration validation flaw where the PLUGIN_INSTALLER setting is enforced only in the UI but not validated at the backend endpoint, enabling an attacker to force installation of malicious plugins. Public exploit code exists for this vulnerability.
Kanboard versions up to 1.2.50 are affected by an authorization bypass through a user-controlled key (CVSS 4.3).
Kanboard versions prior to 1.2.50 contain a CSRF vulnerability in the ProjectPermissionController that accepts text/plain content instead of enforcing application/json, enabling attackers to modify project user roles through malicious forms. An authenticated admin visiting a malicious website could be tricked into unknowingly changing role assignments, potentially granting unauthorized access to projects. Public exploit code exists for this vulnerability, though a patch is available in version 1.2.50 and later.
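Why the content type matters: a cross-site HTML form can only submit application/x-www-form-urlencoded, multipart/form-data or text/plain bodies without a CORS preflight, and with enctype="text/plain" the body can be shaped into valid JSON. An endpoint that parses whatever arrives as JSON is therefore reachable from any page the victim visits. The following is an added example, not Kanboard's code; the project role names and the request fields are assumed.

```python
import json


class BadRequest(Exception):
    pass


def _media_type(headers):
    """Lower-cased media type without parameters, e.g. 'application/json'."""
    return headers.get("Content-Type", "").split(";", 1)[0].strip().lower()


def parse_json_body_vulnerable(headers, body):
    """Accepts anything that parses as JSON, whatever the declared type."""
    return json.loads(body)


def parse_json_body_safe(headers, body):
    """Rejects every media type a cross-site HTML form can produce."""
    if _media_type(headers) != "application/json":
        raise BadRequest("Content-Type must be application/json")
    return json.loads(body)


def rejected(headers, body):
    """True when the hardened parser refuses the request."""
    try:
        parse_json_body_safe(headers, body)
    except BadRequest:
        return True
    return False


# Constructed cross-site request. A browser sends it for a form like
#   <form method="post" enctype="text/plain" action="https://kanboard.example/...">
#     <input name='{"project_id": 1, "user_id": 2, "role": "project-manager", "pad": "'
#            value='"}'>
#   </form>
# The text/plain body is name=value, so the "=" lands inside the "pad" string
# and the result is still valid JSON. No CORS preflight is sent for text/plain.
FORGED_HEADERS = {"Content-Type": "text/plain"}
FORGED_BODY = '{"project_id": 1, "user_id": 2, "role": "project-manager", "pad": "="}\r\n'

GENUINE_HEADERS = {"Content-Type": "application/json; charset=utf-8"}
GENUINE_BODY = '{"project_id": 1, "user_id": 2, "role": "project-member"}'

if __name__ == "__main__":
    print(parse_json_body_vulnerable(FORGED_HEADERS, FORGED_BODY)["role"])  # project-manager
    print(rejected(FORGED_HEADERS, FORGED_BODY))                            # True
    print(parse_json_body_safe(GENUINE_HEADERS, GENUINE_BODY)["role"])      # project-member
```

The content-type check closes the HTML-form vector only because browsers will not send application/json cross-origin without a preflight the server can refuse; it is not a complete CSRF defence on its own and belongs alongside a per-session token or a SameSite cookie policy.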
Kanboard project management software (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The application trusts the user-identity HTTP header without verifying that the request came from the reverse proxy, so an attacker who can reach the application and set that header can impersonate any user, including administrators. A PoC and a patch are available.
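The check that is missing in the vulnerable configuration, as an added example that is not Kanboard's code: only accept the identity header when the TCP peer is one of the known proxies. The proxy address ranges and the header name are assumed; the WSGI environ layout (REMOTE_ADDR, HTTP_REMOTE_USER) is the standard one.

```python
import ipaddress

# Assumed deployment: the reverse proxy sits on 10.0.0.0/8 or loopback and
# forwards the authenticated name in a Remote-User header, which a WSGI
# server exposes as environ["HTTP_REMOTE_USER"]. Names are illustrative.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("127.0.0.0/8")]
USER_HEADER = "HTTP_REMOTE_USER"


def user_from_proxy_vulnerable(environ):
    """Trusts the header regardless of which peer sent the request."""
    return environ.get(USER_HEADER) or None


def user_from_proxy_safe(environ, trusted=TRUSTED_PROXIES):
    """Trusts the header only when the TCP peer is a listed proxy."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None                      # no usable peer address: fail closed
    if not any(peer in net for net in trusted):
        return None                      # direct client, header is untrusted
    user = environ.get(USER_HEADER, "").strip()
    return user or None


# Constructed requests: one straight from the internet with a spoofed header,
# one relayed by the proxy.
SPOOFED = {"REMOTE_ADDR": "203.0.113.9", "HTTP_REMOTE_USER": "admin"}
RELAYED = {"REMOTE_ADDR": "10.1.2.3", "HTTP_REMOTE_USER": "alice"}

if __name__ == "__main__":
    print(user_from_proxy_vulnerable(SPOOFED))  # admin
    print(user_from_proxy_safe(SPOOFED))        # None
    print(user_from_proxy_safe(RELAYED))        # alice
```

The peer check only helps when the application can be reached without going through the proxy. When every request legitimately arrives from the proxy, the proxy itself must overwrite the header from its own authentication result rather than forwarding the client's copy (with nginx, a proxy_set_header directive that sets it from the proxy's own auth variable), otherwise a client-supplied Remote-User sails through with a trusted source address.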
Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP authentication mechanism allows attackers to enumerate users, extract sensitive attributes, and target specific accounts. Public exploit code exists for this vulnerability. The issue is resolved in version 1.2.49 and later.
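What "unsanitized user input in the LDAP authentication mechanism" looks like in practice, as an added example that is not Kanboard's code: a login name substituted into a search filter without RFC 4515 escaping. The filter template and the payload are constructed for the demonstration; the escaping function is the general one for any filter value.

```python
import re


def ldap_filter_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3).

    The characters that change the meaning of a filter are replaced by a
    backslash and the two-digit hex code of the byte. Other characters,
    including non-ASCII ones, may appear in a filter value as they are.
    """
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


# Constructed filter template of the usual "(&(objectClass=...)(attr=%s))" form.
USER_FILTER_TEMPLATE = "(&(objectClass=user)(sAMAccountName=%s))"


def build_user_filter_vulnerable(username):
    """Substitutes the raw login name into the filter."""
    return USER_FILTER_TEMPLATE % username


def build_user_filter_safe(username):
    """Escapes the login name first, so it can only ever match as a literal."""
    return USER_FILTER_TEMPLATE % ldap_filter_escape(username)


# Defence in depth: most directories only issue login names from a small
# alphabet, so an allowlist can reject injection attempts before any escaping.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def is_plausible_username(username):
    return bool(_USERNAME_RE.match(username))


# Constructed payload: closes the sAMAccountName clause and appends a clause
# every entry satisfies, turning a login lookup into a directory enumeration.
PAYLOAD = "*)(objectClass=*"

if __name__ == "__main__":
    print(build_user_filter_vulnerable(PAYLOAD))
    # (&(objectClass=user)(sAMAccountName=*)(objectClass=*))
    print(build_user_filter_safe(PAYLOAD))
    # (&(objectClass=user)(sAMAccountName=\2a\29\28objectClass=\2a))
```

Values that end up in a distinguished name (a bind DN built from the login name, for instance) need the separate RFC 4514 escaping rules; filter escaping is not sufficient there.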
Open redirect vulnerability in Kanboard versions 1.2.48 and below allows attackers to bypass URL validation and redirect authenticated users to malicious websites through specially crafted URLs. Public exploit code exists for this vulnerability, which can be leveraged for phishing attacks and credential theft. The vulnerability is resolved in version 1.2.49.
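The validation that "specially crafted URLs" typically get around is a naive leading-slash check. The following added example, which is not Kanboard's code, shows that check beside a stricter one that only accepts an absolute path on the current origin, with a set of constructed bypass vectors; the host names are placeholders.

```python
from urllib.parse import urlsplit


def is_safe_redirect_vulnerable(target):
    """Common but insufficient check: a leading slash that is not '//'."""
    return target.startswith("/") and not target.startswith("//")


def is_safe_redirect(target, max_len=2048):
    """Accept only an absolute path on the current origin."""
    if not target or len(target) > max_len:
        return False
    # Browsers treat "\" as "/" in http(s) URLs, so "/\evil.example" is
    # navigated as "//evil.example". Control characters are refused as well.
    if any(c == "\\" or ord(c) < 0x20 or ord(c) == 0x7f for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False                     # malformed, e.g. unbalanced IPv6 brackets
    if parts.scheme or parts.netloc:
        return False                     # absolute or protocol-relative URL
    return target.startswith("/") and not target.startswith("//")


def redirect_or_default(target, default="/dashboard"):
    """Value for the Location header: the target if safe, else a fixed path."""
    return target if is_safe_redirect(target) else default


# Constructed test vectors; none of these host names is real.
BYPASSES = ["//evil.example/", "/\\evil.example", "https://evil.example/",
            "javascript:alert(1)", "/\\\\evil.example", "//[evil"]
SAFE = ["/project/1", "/board/2?sort=due#top", "/dashboard"]

if __name__ == "__main__":
    for t in BYPASSES + SAFE:
        print("%-24r naive=%-5s strict=%s" % (t, is_safe_redirect_vulnerable(t), is_safe_redirect(t)))
```

Comparing the parsed host against the expected one is the other common approach; it is harder to get right because the comparison has to survive userinfo, ports, trailing dots and IDN forms, whereas refusing anything with a scheme or authority sidesteps all of that.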
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Kanboard is project management software that focuses on the Kanban methodology. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A remote code execution vulnerability in Kanboard (CVSS 5.3). Remediation should follow standard vulnerability management procedures; a vendor patch is available.
Kanboard prior to version 1.2.46 contains a host header injection vulnerability that allows unauthenticated attackers to craft malicious password reset emails with attacker-controlled URLs when the application_url configuration is unset (default state). If a victim clicks the poisoned reset link, their password reset token is leaked to the attacker's domain, enabling complete account takeover including administrative accounts. This vulnerability requires user interaction (clicking a link) but affects all users initiating password resets on vulnerable instances, making it a practical and high-impact attack vector for account compromise.
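How the reset link gets poisoned, as an added example that is not Kanboard's code: the link builder falls back to the request's Host header when no application URL is configured, so the attacker's Host value becomes the domain the victim's token is sent to. The hardened version uses the configured URL and, without one, refuses any Host that is not on an allowlist. The canonical host name, the reset path and the parameter standing in for the application_url setting are assumed.

```python
from urllib.parse import urlsplit

# Assumed canonical deployment name. Kanboard's real setting is the
# application_url option the advisory mentions, modelled here as a parameter.
ALLOWED_HOSTS = {"kanboard.example"}


def reset_link_vulnerable(environ, token, application_url=None):
    """Falls back to the request's Host header when no URL is configured."""
    if application_url:
        base = application_url.rstrip("/")
    else:
        base = "%s://%s" % (environ.get("wsgi.url_scheme", "http"), environ["HTTP_HOST"])
    return base + "/password-reset/" + token


def reset_link_safe(environ, token, application_url=None, allowed_hosts=ALLOWED_HOSTS):
    """Uses the configured URL; without one, only a listed Host is accepted."""
    if application_url:
        base = application_url.rstrip("/")
    else:
        host = environ.get("HTTP_HOST", "").lower()
        # Strip an optional port; bracketed IPv6 literals are not handled here.
        hostname = host.rsplit(":", 1)[0] if ":" in host else host
        if hostname not in allowed_hosts:
            raise ValueError("refusing to build a reset link for host %r" % host)
        base = "https://" + host
    return base + "/password-reset/" + token


def link_host(url):
    """Host the token would be delivered to if the link were followed."""
    return urlsplit(url).hostname


def rejected(environ, token, application_url=None):
    """True when the hardened builder refuses to produce a link."""
    try:
        reset_link_safe(environ, token, application_url)
    except ValueError:
        return True
    return False


# Constructed requests: one where the attacker set the Host header, one genuine.
POISONED = {"wsgi.url_scheme": "https", "HTTP_HOST": "attacker.example"}
GENUINE = {"wsgi.url_scheme": "https", "HTTP_HOST": "kanboard.example"}
TOKEN = "constructed-reset-token"

if __name__ == "__main__":
    print(reset_link_vulnerable(POISONED, TOKEN))  # token goes to attacker.example
    print(rejected(POISONED, TOKEN))               # True
    print(reset_link_safe(GENUINE, TOKEN))         # https://kanboard.example/password-reset/...
```

Setting the application URL explicitly is the simplest fix because it removes the Host header from the computation altogether. If the deployment sits behind a proxy, X-Forwarded-Host deserves the same suspicion as Host: it is attacker-controlled unless the proxy strips or overwrites it.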
Kanboard is project management software that focuses on the Kanban methodology. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.