Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kanboard affected by Project Takeover via IDOR in ProjectPermissionController
Vulnerability Description
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Kanboard 安全漏洞
Vulnerability Description
Kanboard是一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.37之前版本存在安全漏洞,该漏洞源于不会验证用户对主体参数project_id的权限。
CVSS Information
N/A
Vulnerability Type
N/A