Kanboard: >> Kanboard Security Vulnerabilities
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-14
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-14
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-07-03
Page 4