Kanboard

Source repositories

https://github.com/kanboard/kanboard

CVEs (46)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-12851	Hig	0.57	8.8	0.00	Aug 14, 2017	An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVE-2017-12850	Hig	0.57	8.8	0.00	Aug 14, 2017	An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2017-15212	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVE-2017-15211	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVE-2017-15210	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
CVE-2017-15209	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVE-2017-15208	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVE-2017-15207	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVE-2017-15206	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVE-2017-15205	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
CVE-2017-15204	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
CVE-2017-15203	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVE-2017-15202	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVE-2017-15201	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVE-2017-15200	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVE-2017-15199	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVE-2017-15198	Med	0.28	4.3	0.01	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVE-2017-15197	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVE-2017-15196	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVE-2017-15195	Med	0.28	4.3	0.00	Oct 11, 2017	In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.