Vulnerability Description
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | < 1.2.31 |
Related Weaknesses (CWE)
References
- https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6aPatch
- https://github.com/kanboard/kanboard/releases/tag/v1.2.31Release Notes
- https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcxExploitThird Party Advisory
- https://www.debian.org/security/2023/dsa-5454Mailing List
- https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6aPatch
- https://github.com/kanboard/kanboard/releases/tag/v1.2.31Release Notes
- https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcxExploitThird Party Advisory
- https://www.debian.org/security/2023/dsa-5454Mailing List
FAQ
What is CVE-2023-36813?
CVE-2023-36813 is a vulnerability with a CVSS score of 7.1 (HIGH). Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or l...
How severe is CVE-2023-36813?
CVE-2023-36813 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-36813?
Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.