Password Reset Vulnerability in Kanboard by Kanboard
CVE-2017-12850

8.8HIGH

Key Information:

Vendor: Kanboard
Status: Kanboard
Vendor: CVE Published:; 14 August 2017

Summary

An authenticated standard user can exploit a security weakness in Kanboard to reset the passwords of other users, including administrators, by manipulating form data. This vulnerability compromises user account security and can potentially lead to unauthorized access and data breaches. It is crucial for users of Kanboard to update to version 1.0.46 or later to mitigate the risks associated with this vulnerability.

References

https://github.com/kanboard/kanboard/commit/88dd6abbf3f51...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100352

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2017
Vulnerability Reserved
Aug 14, 2017