Vulnerabilities > Kanboard

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-11 | CVE-2017-15201 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | network, low complexity, kanboard CWE-639, 4.3 |
| 2017-10-11 | CVE-2017-15200 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | network, low complexity, kanboard CWE-639, 4.3 |
| 2017-10-11 | CVE-2017-15199 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | network, low complexity, kanboard CWE-639, 4.3 |
| 2017-10-11 | CVE-2017-15198 | Information Exposure vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | network, low complexity, kanboard CWE-200, 4.3 |
| 2017-10-11 | CVE-2017-15197 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | network, low complexity, kanboard CWE-639, 4.3 |
| 2017-10-11 | CVE-2017-15196 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | network, low complexity, kanboard CWE-639, 4.3 |
| 2017-10-11 | CVE-2017-15195 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard: In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | network, low complexity, kanboard CWE-639, 4.3 |
| 2017-08-14 | CVE-2017-12851 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard: An authenticated standard user could reset the password of the admin by altering form data. | network, low complexity, kanboard CWE-640, 8.8 |
| 2017-08-14 | CVE-2017-12850 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard: An authenticated standard user could reset the password of other users (including the admin) by altering form data. | network, low complexity, kanboard CWE-640, 8.8 |