CVE-2017-15205

MEDIUM

Kanboard - Information Disclosure

Title source: rule
STIX 2.1

Description

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory, VDB Entry x_refsource_misc
http://openwall.com/lists/oss-security/2017/10/04/9
Release Notes, Vendor Advisory x_refsource_misc
https://kanboard.net/news/version-1.0.47

Scores

CVSS v3 4.3
EPSS 0.0029
EPSS Percentile 52.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (46)
kanboard/kanboard 1.0.0
kanboard/kanboard 1.0.1
kanboard/kanboard 1.0.2
kanboard/kanboard 1.0.3
kanboard/kanboard 1.0.4
kanboard/kanboard 1.0.5
kanboard/kanboard 1.0.6
kanboard/kanboard 1.0.7
kanboard/kanboard 1.0.8
kanboard/kanboard 1.0.9
... and 36 more
Published Oct 11, 2017
Tracked Since Feb 18, 2026