Vulnerability Description
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVSS Score
4.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | 1.0.0 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2017/10/04/9 (Mailing List, Third Party Advisory, VDB Entry)
- https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be (Patch, Third Party Advisory)
- https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f53 (Patch, Third Party Advisory)
- https://kanboard.net/news/version-1.0.47 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2017-15198?
CVE-2017-15198 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
How severe is CVE-2017-15198?
CVE-2017-15198 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-15198?
Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.