Lucene search

Kanboard

5 matches found

CVE
added 2024/06/06 4:15 p.m., 53 views

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in the addUser() function of app/Controller/ProjectPermissionController.php. The user's permission to add users to a project is checked only against the URL parameter project_id. If the user is authorized to add users t...

CVSS 8.2, AI score 6.8, EPSS 0.00137

CVE
added 2017/08/14 8:29 p.m., 51 views

CVE-2017-12850

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects Kanboard before 1.0.46.

CVSS 8.8, AI score 8.6, EPSS 0.00466

CVE
added 2017/08/14 8:29 p.m., 46 views

CVE-2017-12851

An authenticated standard user could reset the password of the admin by altering form data. Affects Kanboard before 1.0.46.

CVSS 8.8, AI score 8.6, EPSS 0.00466

CVE
added 2023/07/05 10:15 p.m., 45 views

CVE-2023-36813

Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly u...

CVSS 8.8, AI score 8.1, EPSS 0.00051

CVE
added 2025/06/24 3:15 a.m., 8 views

CVE-2025-52560

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to...

CVSS 8.1, AI score 8.1, EPSS 0.00035