ByteOS Network

Vulnerability Details :

CVE-2017-15209

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-10 Oct, 2017 | 05:00

Updated At-16 Sep, 2024 | 20:58

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:10 Oct, 2017 | 05:00

Updated At:16 Sep, 2024 | 20:58

▼CVE Numbering Authority (CNA)

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://openwall.com/lists/oss-security/2017/10/04/9	x_refsource_MISC
https://kanboard.net/news/version-1.0.47	x_refsource_MISC
https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1	x_refsource_MISC

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Resource:

x_refsource_MISC

Hyperlink: https://kanboard.net/news/version-1.0.47

Resource:

x_refsource_MISC

Hyperlink: https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://openwall.com/lists/oss-security/2017/10/04/9	x_refsource_MISC x_transferred
https://kanboard.net/news/version-1.0.47	x_refsource_MISC x_transferred
https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1	x_refsource_MISC x_transferred

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://kanboard.net/news/version-1.0.47

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:11 Oct, 2017 | 01:32

Updated At:13 May, 2026 | 00:24

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:N

CPE Matches

kanboard>>kanboard>>1.0.0

cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.1

cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.2

cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.3

cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.4

cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.5

cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.6

cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.7

cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.8

cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.9

cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.10

cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.11

cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.12

cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.13

cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.14

cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.15

cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.16

cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.17

cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.18

cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.19

cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.20

cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.21

cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.22

cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.23

cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.24

cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.25

cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.26

cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.27

cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.28

cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.29

cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.30

cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.31

cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.31

cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*

kanboard>>kanboard>>1.0.31

cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*

kanboard>>kanboard>>1.0.32

cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.32

cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*

kanboard>>kanboard>>1.0.32

cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*

kanboard>>kanboard>>1.0.33

cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.34

cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.35

cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.36

cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.37

cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.38

cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.39

cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.40

cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.41

cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.42

cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.43

cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.44

cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*

kanboard>>kanboard>>1.0.45

cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-639	Primary	nvd@nist.gov

CWE ID: CWE-639

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://openwall.com/lists/oss-security/2017/10/04/9	cve@mitre.org	Mailing List Third Party Advisory VDB Entry
https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1	cve@mitre.org	Patch Third Party Advisory
https://kanboard.net/news/version-1.0.47	cve@mitre.org	Release Notes Vendor Advisory
http://openwall.com/lists/oss-security/2017/10/04/9	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory VDB Entry
https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://kanboard.net/news/version-1.0.47	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Source: cve@mitre.org

Resource:

Mailing List

Third Party Advisory

VDB Entry

Hyperlink: https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://kanboard.net/news/version-1.0.47

Source: cve@mitre.org

Resource:

Release Notes

Vendor Advisory

Hyperlink: http://openwall.com/lists/oss-security/2017/10/04/9

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

VDB Entry

Hyperlink: https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Third Party Advisory

Hyperlink: https://kanboard.net/news/version-1.0.47

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Similar CVEs

54Records found

CVE-2025-61950

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 8.67%

7 Day CHG~0.00%

Published-12 Dec, 2025 | 05:02

Updated-17 Feb, 2026 | 15:43

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2.

Vendor-groupsession Japan Total System Co.,Ltd.

Product-groupsession GroupSession byCloud GroupSession Free edition GroupSession ZION

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2019-19259

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.06% / 18.83%

7 Day CHG~0.00%

Published-03 Jan, 2020 | 16:30

Updated-05 Aug, 2024 | 02:09

GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).

Vendor-n/a GitLab Inc.

Product-gitlab n/a

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2019-17604

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.22% / 44.34%

7 Day CHG~0.00%

Published-07 Nov, 2019 | 15:24

Updated-05 Aug, 2024 | 01:47

An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).

Vendor-eyecomms n/a

Product-eyecms n/a

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2019-14725

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.21% / 43.95%

7 Day CHG~0.00%

Published-11 Sep, 2019 | 11:26

Updated-05 Aug, 2024 | 00:26

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.

Vendor-control-webpanel n/a

Product-webpanel n/a

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2017-15209

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs