FreeBSD BFCA647C-0456-11EE-BAFD-B42E991FC52E
Jun 05, 2023 - 12:00 a.m.

Kanboard -- Multiple vulnerabilities

2023-06-05 00:00:00
vuxml.freebsd.org
Tags: kanboard, project management, access control, cross site scripting, private file exposure, vulnerabilities, kanban methodology

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 40.8%

Kanboard is project management software that focuses on the Kanban
methodology. The last update includes 4 vulnerabilities:
[email protected] reports:

Missing access control in internal task links feature
Stored Cross site scripting in the Task External Link Functionality in Kanboard
Missing Access Control allows User to move and duplicate tasks in Kanboard
Parameter based Indirect Object Referencing leading to private file exposure in Kanboard

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | php80-kanboard | < 1.2.30 | UNKNOWN
