Kanboard Security Vulnerabilities and Issues — Kanboard CVE List

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•48 views

CVE-2017-15208

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•47 views

CVE-2017-15201

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•47 views

CVE-2017-15206

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/08/14 8:29 p.m.•46 views

CVE-2017-12851

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.

8.8CVSS8.6AI score0.00466EPSS

cve•added 2017/10/11 1:32 a.m.•45 views

CVE-2017-15195

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•45 views

CVE-2017-15197

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•44 views

CVE-2017-15210

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.

4.3CVSS4.5AI score0.00294EPSS

cve•added 2017/10/11 1:32 a.m.•44 views

CVE-2017-15212

In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.

4.3CVSS4.5AI score0.00298EPSS

cve•added 2017/10/11 1:32 a.m.•43 views

CVE-2017-15200

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•43 views

CVE-2017-15205

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

4.3CVSS4.5AI score0.00294EPSS

cve•added 2017/10/11 1:32 a.m.•43 views

CVE-2017-15209

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

4.3CVSS4.5AI score0.00472EPSS

cve•added 2017/10/11 1:32 a.m.•41 views

CVE-2017-15202

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•41 views

CVE-2017-15203

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•40 views

CVE-2017-15207

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•40 views

CVE-2017-15211

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.

4.3CVSS4.5AI score0.00487EPSS

cve•added 2017/10/11 1:32 a.m.•39 views

CVE-2017-15204

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.

4.3CVSS4.5AI score0.00487EPSS