Description
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| kanboard | fixed | 1.2.50+ds-1 | | package |
Notes
https://github.com/kanboard/kanboard/security/advisories/GHSA-6rxw-vvvj-r93q
Fixed by: https://github.com/kanboard/kanboard/commit/c3d8d20e05322b09e036fed7afb57194d624a414 (v1.2.50)