ByteOS Network

Vulnerability Details :

CVE-2017-15195

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-10 Oct, 2017 | 05:00

Updated At-16 Sep, 2024 | 20:42

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:10 Oct, 2017 | 05:00

Updated At:16 Sep, 2024 | 20:42

▼CVE Numbering Authority (CNA)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0	x_refsource_MISC
http://openwall.com/lists/oss-security/2017/10/04/9	x_refsource_MISC
https://kanboard.net/news/version-1.0.47	x_refsource_MISC
https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524	x_refsource_MISC

Hyperlink: https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0

Resource:

x_refsource_MISC

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Resource:

x_refsource_MISC

Hyperlink: https://kanboard.net/news/version-1.0.47

Resource:

x_refsource_MISC

Hyperlink: https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0	x_refsource_MISC x_transferred
http://openwall.com/lists/oss-security/2017/10/04/9	x_refsource_MISC x_transferred
https://kanboard.net/news/version-1.0.47	x_refsource_MISC x_transferred
https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524	x_refsource_MISC x_transferred

Hyperlink: https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://kanboard.net/news/version-1.0.47

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:11 Oct, 2017 | 01:32

Updated At:20 Apr, 2025 | 01:37

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:N

CPE Matches

kanboard>>kanboard>>1.0.0

cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.1

cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.2

cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.3

cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.4

cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.5

cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.6

cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.7

cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.8

cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.9

cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.10

cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.11

cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.12

cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.13

cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.14

cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.15

cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.16

cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.17

cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.18

cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.19

cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.20

cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.21

cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.22

cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.23

cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.24

cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.25

cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.26

cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.27

cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.28

cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.29

cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.30

cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.31

cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.31

cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*

kanboard>>kanboard>>1.0.31

cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*

kanboard>>kanboard>>1.0.32

cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.32

cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*

kanboard>>kanboard>>1.0.32

cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*

kanboard>>kanboard>>1.0.33

cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.34

cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.35

cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.36

cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.37

cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.38

cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.39

cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.40

cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.41

cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.42

cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.43

cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.44

cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.45

cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-639	Primary	nvd@nist.gov

CWE ID: CWE-639

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://openwall.com/lists/oss-security/2017/10/04/9	cve@mitre.org	Mailing List Third Party Advisory VDB Entry
https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0	cve@mitre.org	Patch Third Party Advisory
https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524	cve@mitre.org	Patch Third Party Advisory
https://kanboard.net/news/version-1.0.47	cve@mitre.org	Release Notes Vendor Advisory
http://openwall.com/lists/oss-security/2017/10/04/9	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory VDB Entry
https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://kanboard.net/news/version-1.0.47	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Source: cve@mitre.org

Resource:

Mailing List

Third Party Advisory

VDB Entry

Hyperlink: https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://kanboard.net/news/version-1.0.47

Source: cve@mitre.org

Resource:

Release Notes

Vendor Advisory

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

VDB Entry

Hyperlink: https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Third Party Advisory

Hyperlink: https://kanboard.net/news/version-1.0.47

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Similar CVEs

53Records found

CVE-2021-3964

Matching Score-4

Assigner-Protect AI (formerly huntr.dev)

View Details

Matching Score-4

Assigner-Protect AI (formerly huntr.dev)

CVSS Score-4.3||MEDIUM

EPSS-0.18% / 39.27%

7 Day CHG~0.00%

Published-01 Dec, 2021 | 11:25

Updated-03 Aug, 2024 | 17:09

Authorization Bypass Through User-Controlled Key in elgg/elgg

elgg is vulnerable to Authorization Bypass Through User-Controlled Key

Vendor-elgg elgg

Product-elgg elgg/elgg

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2020-26171

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.16% / 36.91%

7 Day CHG~0.00%

Published-18 Dec, 2020 | 09:28

Updated-04 Aug, 2024 | 15:49

In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them.

Vendor-tangro n/a

Product-business_workflow n/a

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2021-46249

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.15% / 36.17%

7 Day CHG~0.00%

Published-15 Feb, 2022 | 22:13

Updated-04 Aug, 2024 | 05:02

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.

Vendor-scratchoauth2_project n/a

Product-scratchoauth2 n/a

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2017-15195

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs