Home > Vulnerability Database > CVE-2023-33968

Mend.io Vulnerability Database

CVE-2023-33968

Good to know:

Date: June 5, 2023

Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

5.4

Related Resources (5)

Url: https://security-tracker.debian.org/tracker/CVE-2023-33968

Url: https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr

Url: https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33968

Url: https://www.mend.io/vulnerability-database/CVE-2023-33968

Severity Score

5.4

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version v1.2.30

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33968

Good to know:

Date: June 5, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?