Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 4 Oct 2017 20:18:40 +0200
From: chbi@...i.eu
To: oss-security@...ts.openwall.com
Subject: Several Privilege Escalation issues in Kanboard <= 1.0.46


Hi,

I've discovered several security issues in Kanboard <= 1.0.46
(https://kanboard.net)



1)
By altering form data an authenticated user can edit Name, Email,
Identifier, Description,... of a private project of another user.


2)
By altering form data an authenticated user can add a new task to a
private project of another user.


3)
By altering form data an authenticated user can edit columns of a
private project of another user.


4)
By altering form data an authenticated user can add a new category to a
private project of another user.


5)
By altering form data an authenticated user can edit a category of a
private project of another user.


6)
By altering form data an authenticated user can edit swimlanes of a
private project of another user.


7)
By altering form data an authenticated user can edit tags of a private
project of another user.


8)
By altering form data an authenticated user can add automatic actions to
a private project of another user.


9)
By altering form data an authenticated user can remove columns from a
private project of another user.


10)
By altering form data an authenticated user can remove categories from a
private project of another user.


11)
By altering form data an authenticated user can at least see the name of
tags of a private project of another user.


12)
By altering form data an authenticated user can remove automatic actions
from a private project of another user.


13)
By altering form data an authenticated user can edit tasks of a private
project of another user.


14)
By altering form data an authenticated user can add a external link to a
private project of another user.


15)
By altering form data an authenticated user can add a internal link to a
private project of another user.


Fix:
https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0
https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524




16)
By altering form data an authenticated user can download attachments
from a private project of another user.


17)
By altering form data an authenticated user can see thumbnails of
pictures from a private project of another user.


18)
By altering form data an authenticated user can remove attachments from
a private project of another user.


Fix:
https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1



The issues are fixed in Kanboard 1.0.47.

https://kanboard.net/news/version-1.0.47




Should I request a CVE ID for each issue or one CVE ID for all issues?

What is the recommended method?



-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc



Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ