2 matches found
CVE-2017-15200
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user...
CVE-2017-15200
Affected product: Kanboard prior to 1.0.47. Vulnerability: authenticated user can bypass access control by altering form data to add a new task into another user’s private project. Root cause: missing/insufficient authorization check when task creation. Impact: unauthorized task creation (CVSSv3 ...