Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Access Control allows User to move and duplicate tasks in Kanboard
Vulnerability Description
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Kanboard 安全漏洞
Vulnerability Description
Kanboard是一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.30之前版本存在安全漏洞,该漏洞源于存在访问控制缺失漏洞,允许低权限用户创建任务或将任务转移到软件内的任何项目。
CVSS Information
N/A
Vulnerability Type
N/A