Password Reset Vulnerability in Kanboard by Kanboard
CVE-2017-12851

8.8HIGH

Key Information:

Vendor: Kanboard
Status: Kanboard
Vendor: CVE Published:; 14 August 2017

Summary

An issue exists in Kanboard where an authenticated standard user is able to reset the password for an admin account by manipulating form data. This vulnerability can lead to unauthorized access and potential exploitation of administrative privileges, impacting the overall security of the Kanboard application. It affects all versions of Kanboard preceding 1.0.46 and highlights the importance of securing password reset mechanisms within applications.

References

http://www.securityfocus.com/bid/100352

vdb-entryx_refsource_BID

https://github.com/kanboard/kanboard/commit/b79b18efd7a1a...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2017
Vulnerability Reserved
Aug 14, 2017