CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51747 – Arbitrary File Read and Delete in kanboard
https://notcve.org/view.php?id=CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. • https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51748 – Remote code execution through language setting in kanboard
https://notcve.org/view.php?id=CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. • https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36813 – Kanboard Authenticated SQL Injections vulnerability
https://notcve.org/view.php?id=CVE-2023-36813
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue. • https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a https://github.com/kanboard/kanboard/releases/tag/v1.2.31 https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx https://www.debian.org/security/2023/dsa-5454 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33969 – Stored Cross site scripting in the Task External Link Functionality in Kanboard
https://notcve.org/view.php?id=CVE-2023-33969
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. • https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33970 – Missing access control in internal task links feature in Kanboard
https://notcve.org/view.php?id=CVE-2023-33970
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. • https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286 • CWE-862: Missing Authorization •