20 matches found
EUVD-2017-6662
Malware in sbrugna...
CVE-2017-15211
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user...
CVE-2017-15206
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user...
CVE-2017-15196
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user...
CVE-2017-15197
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user...
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user...
CVE-2017-15201
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user...
Design/Logic Flaw
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user...
Design/Logic Flaw
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user...
Design/Logic Flaw
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user...
Design/Logic Flaw
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user...
CVE-2017-15201
CVE-2017-15201 affects Kanboard versions before 1.0.47. An authenticated user can edit tags of another user’s private project by altering form data, due to a permission/validation issue. Impact is editing private project labels. Remediation: upgrade to Kanboard 1.0.47 (or later) where the issue i...
CVE-2017-15203
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user...
CVE-2017-15201
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user...
CVE-2017-15204
Vulnerability details (CVE-2017-15204): In Kanboard prior to 1.0.47, an authenticated user can modify form data to add automatic actions to another user’s private project. Affected software: Kanboard before 1.0.47. Root cause: insufficient validation of altered form data allowing escalation of ac...
CVE-2017-15203
CVE-2017-15203 affects Kanboard prior to 1.0.47. An authenticated user can tamper with form data to remove categories from another user’s private project, indicating an access-control/intentional data modification flaw in the project categorization logic. The root cause is not expanded in the pro...
CVE-2017-15198
CVE-2017-15198 affects Kanboard prior to 1.0.47. An authenticated user can alter form data to edit a category of another user’s private project, exposing an authorization weakness in the category-edit flow. The issue is documented across multiple sources (Red Hat, NVD, CVE List, Debian tracker) a...
CVE-2017-15210
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...
CVE-2017-12851
An authenticated standard user could reset the password of the admin by altering form data. Affects Kanboard before 1.0.46...
CVE-2017-12851
CVE-2017-12851 affects Kanboard prior to 1.0.46. An authenticated standard user could reset the administrator password by altering form data in the request, exposing a password‑reset vulnerability in the admin account. Remediation guidance found in public references suggests upgrading to a fixed ...