cve-2017-15197
Vulnerability from cvelistv5
Published
2017-10-10 05:00
Modified
2024-09-17 02:53
Severity ?
EPSS score ?
Summary
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| cve@mitre.org | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/10/04/9 | Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kanboard.net/news/version-1.0.47 | Release Notes, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15197",
"datePublished": "2017-10-10T05:00:00Z",
"dateReserved": "2017-10-10T00:00:00Z",
"dateUpdated": "2024-09-17T02:53:07.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-15197\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-11T01:32:54.473\",\"lastModified\":\"2024-11-21T03:14:11.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.\"},{\"lang\":\"es\",\"value\":\"En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede a\u00f1adir una nueva categor\u00eda a un proyecto privado de otro usuario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9FFA667-B2E5-464E-9B11-3B98283AD2C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3507C156-EB3B-470C-B895-F71845D2368E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0902C1-DECB-4183-B369-511E2768D995\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA633272-8FA7-407C-9B3E-2D876B7271F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B306B73B-15B3-4B8B-9095-3642F8B47924\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FA40036-AC79-4367-BACB-B0B1451C5BD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C86BF2C5-D92F-41B4-B381-6D21BAA2D913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A62EF43A-C147-4C11-BD6E-82CF941AEBD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"958B6A4D-C466-4361-AA0A-5EB3D111C4E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C42F62-CD96-4727-9CD0-C3BD81418E53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"970266EC-8452-4A06-81AC-05CF336D3C6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE55D52-992D-4E67-BB6C-2E80299D22E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE0BBFF-553F-4518-809B-BF136B7ABC71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2EFAF36-875E-41DB-BFB8-45846E29903E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1333058-CD6D-4F7D-8C07-D4352D2FA9DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3952635-F178-4AC0-8FE7-1034E0078AC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7512FB30-BE2A-4CDA-8B77-44234223B578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"971C5D44-1406-4446-BEFE-20EF9ECDFFF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0045683B-30D9-4A04-A3A4-4DB903245380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BF439AC-B790-45D7-9C25-1C9195924ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4FDBF54-282B-49A1-8095-811A5B998EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F650F14A-6A3E-4FD2-BCA1-6AF29278B827\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91C4B000-72B1-4E5F-814E-FBE2CEC602A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9249BDDA-4E2D-421D-8285-926FC400AC58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3B8946D-2BF0-47FD-BEA0-0C2C74126142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0315865-561D-4EA2-B361-FDB6D03FF5B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E0FC480-9E2A-4A76-92FF-60E6239CE89F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BA990B5-D038-4E5E-8FAF-035460BD4146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"070A3295-AFD7-473F-A9DA-ACF84C33274E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0B924E-76CE-412D-A47A-417B7C5E3454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7B48D3D-556D-4942-99E6-E6135400B2A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E6DE90-A247-4B72-A05C-61C9496E0D9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"15D496D1-DF37-4B06-BAE5-485D5141E1A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC6332E7-A86D-4B09-93B3-815797E92A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC8AE758-147C-4786-89CE-D2876C23BA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781CBDB-35CA-43BC-B031-34DB66B16D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F193B8-C859-47A5-9D1C-510925E9478C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF622DE0-35C4-4F04-B74A-4127A885395F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B3CDED-1284-45F7-93E2-F3CBFD2BB79C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A4CD995-FEF9-47DE-A5AB-671471773DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60825078-59BC-45AD-B644-B23973233B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4695EEFA-1098-4741-A4C5-39D613880091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5033EDD4-9217-467E-91E9-8805B3667E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04963CA-D17A-4847-B022-187D33134A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868722FE-E626-427A-8B24-58A8214824A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB2AF76B-C4CA-40D1-829C-E80560E14FDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82D7AE61-C248-4E95-8878-903A188B41C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"467A191D-9A57-4B53-AD41-30CF317AA102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41590AFF-2DB4-4D37-8CF8-84FCF85BB75B\"}]}]}],\"references\":[{\"url\":\"http://openwall.com/lists/oss-security/2017/10/04/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kanboard.net/news/version-1.0.47\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2017/10/04/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kanboard.net/news/version-1.0.47\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.