CVE-2017-15205
- EPSS 0.29%
- Veröffentlicht 11.10.2017 01:32:54
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
CVE-2017-15206
- EPSS 0.54%
- Veröffentlicht 11.10.2017 01:32:54
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVE-2017-15207
- EPSS 0.54%
- Veröffentlicht 11.10.2017 01:32:54
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVE-2017-12851
- EPSS 0.47%
- Veröffentlicht 14.08.2017 20:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVE-2017-12850
- EPSS 0.47%
- Veröffentlicht 14.08.2017 20:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2014-3920
- EPSS 0.13%
- Veröffentlicht 03.07.2014 14:55:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.