Authorization Issue in Kanboard Project Management Tool
CVE-2017-15196

4.3MEDIUM

Key Information:

Vendor: Kanboard
Status: Kanboard
Vendor: CVE Published:; 11 October 2017

🔔 Create Kanboard Vulnerability Alert

What is CVE-2017-15196?

In versions of Kanboard prior to 1.0.47, an authenticated user can exploit a weakness by manipulating form data to remove columns from a private project owned by another user. This flaw can lead to unauthorized modifications within collaborative environments, potentially compromising project data integrity and user privacy.

References

https://github.com/kanboard/kanboard/commit/074f6c104f3e4...

x_refsource_MISC

http://openwall.com/lists/oss-security/2017/10/04/9

x_refsource_MISC

https://kanboard.net/news/version-1.0.47

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 11, 2017

.

CVE-2017-15196 : Authorization Issue in Kanboard Project Management Tool