16 matches found

Positive Technologies
added 2026/04/30 12:00 a.m., 6 views

PT-2026-36816

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.17.1. Description: An authenticated user with project.add permission can import a specially crafted project backup ZIP file. If the components/.json file within the ZIP contains a repo URL pointing to a private addres...

CVSS 8.1, AI score 5.8, EPSS 0.00371
Exploits 0, References 16
EUVD
added 2026/03/20 5:25 p.m., 3 views

EUVD-2026-13708

Vikunja read-only users can delete project background images via broken object-level authorization...

CVSS 5.3, AI score 5.8, EPSS 0.00211
Exploits 1, References 3
Positive Technologies
added 2026/03/20 12:00 a.m., 4 views

PT-2026-26622

Summary: The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details: The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

CVSS 5.3, AI score 5.8, EPSS 0.00211
Exploits 1, References 9
NVD
added 2026/03/18 4:17 a.m., 2 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

CVSS 8.4, EPSS 0.00281
Exploits 1, References 1
CVE
added 2026/03/10 5:46 p.m., 11 views

CVE-2026-3306

CVE-2026-3306 describes an improper authorization in GitHub Enterprise Server where a user with read access to a repository and write access to a project could modify issue and pull request metadata via the project without repository write permissions being verified during column value updates. T...

CVSS 5.3, AI score 5.7, EPSS 0.00321
Exploits 0, References 6, Affected Software 1
UbuntuCve
added 2026/02/10 5:16 p.m., 6 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery CSRF vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8, AI score 5.8, EPSS 0.00182
Exploits 1, References 4
OSV
added 2026/02/10 5:16 p.m., 6 views

UBUNTU-CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery CSRF vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8, AI score 5.6, EPSS 0.00182
Exploits 1, References 5
Vulnrichment
added 2026/02/10 4:40 p.m., 2 views

CVE-2026-24885 Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery CSRF vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 5.7, AI score 5.3, EPSS 0.00182
Exploits 1, References 3
RedhatCVE
added 2025/05/22 7:08 a.m., 7 views

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

CVSS 8.3, AI score 7.1, EPSS 0.00832
Exploits 0, References 1
OSV
added 2024/06/06 4:15 p.m., 1 view

DEBIAN-CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in app/Controller/ProjectPermissionController.php, function addUser. The user's permission to add users to a project is only checked against the URL parameter projectid. If the user is authorized to add users to...

CVSS 6.3, AI score 5.5, EPSS 0.00353
Exploits 1, References 1
Atlassian
added 2020/06/18 2:26 p.m., 24 views

Comment button visible to users without permission on boards

Issue Summary: When a project's permissions are set to allow viewing by any logged in user, but commenting is limited to specific project roles, if a user attempts to comment from a board, the button is available to them and they see the following error message: panel:bgColor=eeeeee...

AI score 2
Exploits 0, Affected Software 1
NVD
added 2019/11/26 4:15 p.m., 10 views

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

CVSS 8.3, AI score 8.3, EPSS 0.00832
Exploits 0, References 1
Prion
added 2019/11/26 4:15 p.m., 15 views

Design/Logic Flaw

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

CVSS 6.5, AI score 8.3, EPSS 0.00832
Exploits 0, References 1, Affected Software 1
Veracode
added 2017/09/08 5:40 a.m., 27 views

Authorisation Bypass

aodh is vulnerable to authorization bypass. When an alarm action with trust+http: scheme is created, it fails to verify that a user providing the trust ID is the trustor or has the same permission as the trustor. In addition, it also fails to verify that the trust is for the same project as the...

CVSS 7.5, AI score 7.2, EPSS 0.02119
Exploits 0, References 10, Affected Software 1
Atlassian
added 2015/05/28 8:04 p.m., 32 views

Project's permission bypass JIRA global permissions

Summary: Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. Steps to Reproduce: Remove user...

AI score 1.8
Exploits 0
Atlassian
added 2013/08/20 2:11 a.m., 21 views

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.

Regression of JRA-4935. When I add the "Reporter" to the "Browse Project" Permission of one project, this project instantly becomes visible to ALL users via the project table portlet, if they have any kind of permission to see this project or not. So all users can see this project, but can't see an...

AI score 1.7
Exploits 0, Affected Software 1