oss-sec mailing list archives

CVE-2017-12850, CVE-2017-12851: Privilege Escalation in Kanboard <= v1.0.45

From: chbi () chbi eu
Date: Tue, 15 Aug 2017 20:54:01 +0200

Hi,

there are two security issues in Kanboard <= v1.0.45 (https://kanboard.net)


CVE-2017-12850:
By altering form data an authenticated standard user can set a new
password for any other user (including the admin) to takeover the account.

Fix:
https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae


CVE-2017-12851:
By altering form data an authenticated standard user can change the mail
address of the admin account to set a new password via "Forgot
password?" to takeover the admin account.

Fix:
https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df


Both issues are fixed in Kanboard v1.0.46.


-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE-2017-12850, CVE-2017-12851: Privilege Escalation in Kanboard <= v1.0.45 chbi (Aug 15)