{ "id": "CVE-2017-15204", "sourceIdentifier": "cve@mitre.org", "published": "2017-10-11T01:32:54.833", "lastModified": "2019-10-03T00:03:26.223", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user." }, { "lang": "es", "value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir acciones autom\u00e1ticas a un proyecto privado de otro usuario." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-639" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*", "matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*", "matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*", "matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*", "matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102" }, { "vulnerable": true, "criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B" } ] } ] } ], "references": [ { "url": "http://openwall.com/lists/oss-security/2017/10/04/9", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://kanboard.net/news/version-1.0.47", "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ] } ] }