Description
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.
References
- Patch
- Product, Release Notes
- Exploit, Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.2.50 (exclusive)
cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*
EPSS
Percentile: 10%
0.00036
Low
4.3 Medium
CVSS3
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 4.3
ubuntu
about 2 months ago
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.
CVSS3: 4.3
debian
about 2 months ago
Kanboard is project management software focused on Kanban methodology. ...