7 matches found
CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user...
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user...
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user...
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user...
CVE-2017-15195
Vulnerability: CVE-2017-15195 affects Kanboard before 1.0.47. An authenticated user can alter form data to edit swimlanes in private projects of other users. Root cause: improper handling of form data allowing cross-user edits. Impact: unauthorized modification of another user’s private project s...
Kanboard design flaws
Kanboard is a French software developer Frederic Guillot developed a set of open source visualization task board software. The software supports customization of the panel according to the business, task dragging and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...