CNNVD-202506-3038 Information
CNNVD ID
CNNVD-202506-3038
Related CVE
-
CNNVD Published: 2025-06-24
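Description (translated from Chinese)
Kanboard is open-source visual task board software from Kanboard. The software lets boards be customized to business needs. Kanboard versions before 1.2.46 contain an authorization issue vulnerability. It stems from the Host header not being validated, which causes password reset links to leak the token and may lead to account takeover.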
Description (English)
Kanboard is open-source visual task board software developed by Kanboard. The software allows boards to be customized according to business needs. Versions of Kanboard before 1.2.46 have an authorization issue vulnerability: the Host header is not validated, so password reset links leak the reset token, which could lead to account takeover.
Hazard Level
Medium
Vulnerability Type
Authorization issue
Affected Vendor
Kanboard
Published
2025-06-24
Last Modified
2026-02-24
References
https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75
https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92
https://access.redhat.com/security/cve/cve-2025-52560
Patch
https://github.com/kanboard/kanboard/releases