4 matches found
CVE-2024-36399
Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in the addUser() function of app/Controller/ProjectPermissionController.php. The user's permission to add users to a project is only checked on the URL parameter project_id. If the user is authorized to add users t...
CVE-2017-12850
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects Kanboard before 1.0.46.
CVE-2017-12851
An authenticated standard user could reset the password of the admin by altering form data. Affects Kanboard before 1.0.46.
CVE-2023-36813
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly u...