Authorization Bypass Through User-Controlled Key Affecting kanboard package, versions *


Severity

Recommended: low (based on Debian security rating)

Threat Intelligence

EPSS
0.04% (16th percentile)

  • Snyk ID: SNYK-DEBIAN12-KANBOARD-7216473
  • Published: 7 Jun 2024
  • Disclosed: 6 Jun 2024

Introduced: 6 Jun 2024

CVE-2024-36399
CWE-639

How to fix?

There is no fixed version for Debian:12 kanboard.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kanboard package and not the kanboard package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in app/Controller/ProjectPermissionController.php, function addUser(). The user's permission to add users to a project is only checked against the URL parameter project_id. If the user is authorized to add users to that project, the request is processed. The user's permission for the POST body parameter project_id is not checked again during processing. An attacker with the 'Project Manager' role on a single project may take over any other project. The vulnerability is fixed in 1.2.37.
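The pattern the description identifies, shown as an added illustration that is not Kanboard's own code: a handler that authorizes the project_id from the URL query but then acts on the project_id from the POST body, beside the corrected shape that reads the id from one source and authorizes that same value. The permission table, helper names and request arrays are constructed for the example.

```php
<?php
// Added illustration of the CWE-639 pattern described above; not Kanboard's code.
// All data, helper names and request arrays here are constructed for the example.
final class AccessForbidden extends RuntimeException {}

// Constructed permission table: user id => project ids that user manages.
const MANAGERS = [7 => [1]];

function isProjectManager(int $userId, int $projectId): bool
{
    return in_array($projectId, MANAGERS[$userId] ?? [], true);
}

// Vulnerable shape: the permission check reads project_id from the URL query,
// the action reads project_id from the POST body, and the two are never reconciled.
function addUserVulnerable(int $userId, array $query, array $body, array &$members): void
{
    $checkedId = (int) ($query['project_id'] ?? 0);
    if (!isProjectManager($userId, $checkedId)) {
        throw new AccessForbidden('not a manager of project ' . $checkedId);
    }
    $targetId = (int) ($body['project_id'] ?? 0);   // second, unchecked source
    $members[$targetId][] = (int) ($body['user_id'] ?? 0);
}

// Fixed shape: read the project id from one source and authorize that same value ($query is ignored).
function addUserFixed(int $userId, array $query, array $body, array &$members): void
{
    $projectId = (int) ($body['project_id'] ?? 0);
    if (!isProjectManager($userId, $projectId)) {
        throw new AccessForbidden('not a manager of project ' . $projectId);
    }
    $members[$projectId][] = (int) ($body['user_id'] ?? 0);
}

// Constructed request: user 7 (manager of project 1 only) sends project 1 in the
// URL query and project 2 in the POST body.
$query = ['project_id' => 1];
$body  = ['project_id' => 2, 'user_id' => 9];
$members = [];
addUserVulnerable(7, $query, $body, $members);
echo 'vulnerable variant modified projects: ' . implode(',', array_keys($members)) . PHP_EOL;
$members = [];
try {
    addUserFixed(7, $query, $body, $members);
} catch (AccessForbidden $e) {
    echo 'fixed variant rejected the request: ' . $e->getMessage() . PHP_EOL;
}
```

The defensive takeaway is that an authorization check must bind to the exact value the action later uses; a code review or a unit test that sends differing ids in the query and body for the same request catches this class of bug.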

CVSS Scores

version 3.1