Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NKanboard
APPKanboard< 1.2.49
Related vulnerabilities
Kanboard: niebezpieczna deserializacja PHP umożliwiająca RCE
Kanboard: RCE przez path traversal w imporcie bazy SQLite
Kanboard: path traversal umożliwiający odczyt i usunięcie plików przez admina
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite...
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authen...