CVE-2017-15205

CVE-2017-15205

EPSS 1.1%

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://openwall.com/lists/oss-security/2017/10/04/9 https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 https://kanboard.net/news/version-1.0.47