Описание
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.
Ссылки
- Product
- Patch
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.47 (исключая)
cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
6.4 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.4
debian
6 месяцев назад
Kanboard is project management software that focuses on the Kanban met ...
EPSS
Процентиль: 17%
0.00054
Низкий
6.4 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-22