CVE-2014-3920

Kanboard < 1.0.6 - Cross-Site Request Forgery via Administrative User Addition

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532619/100/0/threaded
Various Sources x_refsource_confirm
http://kanboard.net/news

Scores

EPSS 0.0069
EPSS Percentile 48.4%

Details

CWE
CWE-352
Status published
Products (7)
kanboard/kanboard 1.0.0
kanboard/kanboard 1.0.1
kanboard/kanboard 1.0.2
kanboard/kanboard 1.0.3
kanboard/kanboard 1.0.4
kanboard/kanboard 1.0.5
kanboard/kanboard < 1.0.6
Published Jul 03, 2014
Tracked Since Feb 18, 2026