Vulnerability Description
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | <= 1.0.45 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100352Third Party AdvisoryVDB Entry
- https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123PatchThird Party Advisory
- http://www.securityfocus.com/bid/100352Third Party AdvisoryVDB Entry
- https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123PatchThird Party Advisory
FAQ
What is CVE-2017-12850?
CVE-2017-12850 is a vulnerability with a CVSS score of 8.8 (HIGH). An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
How severe is CVE-2017-12850?
CVE-2017-12850 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12850?
Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.