FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Kanboard -- Multiple vulnerabilities

Affected packages
		php80-kanboard	<	1.2.30

Details

VuXML ID	bfca647c-0456-11ee-bafd-b42e991fc52e
Discovery	2023-06-05
Entry	2023-06-06

Kanboard is project management software that focuses on the Kanban methodology. The last update includes 4 vulnerabilities:

security-advisories@github.com reports:

Missing access control in internal task links feature

Stored Cross site scripting in the Task External Link Functionality in Kanboard

Missing Access Control allows User to move and duplicate tasks in Kanboard

Parameter based Indirect Object Referencing leading to private file exposure in Kanboard

[source]

References

CVE Name	CVE-2023-33956
CVE Name	CVE-2023-33968
CVE Name	CVE-2023-33969
CVE Name	CVE-2023-33970
URL	https://nvd.nist.gov/vuln/detail/CVE-2023-33956
URL	https://nvd.nist.gov/vuln/detail/CVE-2023-33968
URL	https://nvd.nist.gov/vuln/detail/CVE-2023-33969
URL	https://nvd.nist.gov/vuln/detail/CVE-2023-33970