Authorization Bypass Through User-Controlled Key Affecting kanboard package, versions <1.2.26+ds-2+deb12u1


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.07% (31st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN12-KANBOARD-5666365
  • published6 Jun 2023
  • disclosed5 Jun 2023

Introduced: 5 Jun 2023

CVE-2023-33956  (opens in a new tab)
CWE-639  (opens in a new tab)

How to fix?

Upgrade Debian:12 kanboard to version 1.2.26+ds-2+deb12u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kanboard package and not the kanboard package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under /files directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Scores

version 3.1