Kanboard ≫ Kanboard

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.

Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.