CVE-2017-15209

CVE-2017-15209

EPSS 0.9%

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://openwall.com/lists/oss-security/2017/10/04/9 https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1 https://kanboard.net/news/version-1.0.47