CNNVD-202602-2286 Information
CNNVD ID
CNNVD-202602-2286
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
Kanboard是Kanboard开源的一套开源的可视化任务板软件。该软件能够根据业务定制面板。 Kanboard 1.2.50之前版本存在安全漏洞,该漏洞源于TaskCreationController::duplicateProjects端点未验证用户对目标项目的权限,可能导致经过身份验证的用户将任务复制到其无法访问的项目中。
Description (English)
Kanboard is an open-source, visualized taskboard software for Kanboard. The software is able to customize the panel according to business. The security gap in the previous version of Kanboard 1.2.50, which originated from the fact that the TaskCreationController::dupliciteProjects endpoint did not verify the user ’ s permission to the target item, could result in an authentication user copying the task to a project that it could not access.
Vulnerability Type
其他
Affected Vendor
Kanboard
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/kanboard/kanboard/commit/df7b7a21ee071f36466d8b38e40d0b0b8b8d394d https://github.com/kanboard/kanboard/releases/tag/v1.2.50 https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9
Patch
https://github.com/kanboard/kanboard/releases/
Share on: