Vulnerabilities > Kanboard

DATE CVE VULNERABILITY TITLE RISK
2017-10-11 CVE-2017-15195 Authorization Bypass Through User-Controlled Key vulnerability in Kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
network
low complexity
kanboard CWE-639
4.3
2017-08-14 CVE-2017-12851 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard
An authenticated standard user could reset the password of the admin by altering form data.
network
low complexity
kanboard CWE-640
8.8
2017-08-14 CVE-2017-12850 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard
An authenticated standard user could reset the password of other users (including the admin) by altering form data.
network
low complexity
kanboard CWE-640
8.8