Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Vulnerability Description
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Kanboard 安全漏洞
Vulnerability Description
Kanboard是Kanboard开源的一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.50之前版本存在安全漏洞,该漏洞源于getSwimlane API方法缺少项目级授权,可能导致未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A