{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:23:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2017/10/04/9"}, {"tags": ["x_refsource_MISC"], "url": "https://kanboard.net/news/version-1.0.47"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openwall.com/lists/oss-security/2017/10/04/9", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/10/04/9"}, {"name": "https://kanboard.net/news/version-1.0.47", "refsource": "MISC", "url": "https://kanboard.net/news/version-1.0.47"}, {"name": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1", "refsource": "MISC", "url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15209", "datePublished": "2022-10-03T16:23:33", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:23:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9FFA667-B2E5-464E-9B11-3B98283AD2C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F126BD8-B6F8-43BF-96CF-B11F2E9CB9F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3507C156-EB3B-470C-B895-F71845D2368E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E0902C1-DECB-4183-B369-511E2768D995", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA633272-8FA7-407C-9B3E-2D876B7271F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B306B73B-15B3-4B8B-9095-3642F8B47924", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8FA40036-AC79-4367-BACB-B0B1451C5BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C86BF2C5-D92F-41B4-B381-6D21BAA2D913", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "A62EF43A-C147-4C11-BD6E-82CF941AEBD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "958B6A4D-C466-4361-AA0A-5EB3D111C4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C7C42F62-CD96-4727-9CD0-C3BD81418E53", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "970266EC-8452-4A06-81AC-05CF336D3C6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1FE55D52-992D-4E67-BB6C-2E80299D22E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "DCE0BBFF-553F-4518-809B-BF136B7ABC71", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "E2EFAF36-875E-41DB-BFB8-45846E29903E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C1333058-CD6D-4F7D-8C07-D4352D2FA9DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C3952635-F178-4AC0-8FE7-1034E0078AC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7512FB30-BE2A-4CDA-8B77-44234223B578", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "971C5D44-1406-4446-BEFE-20EF9ECDFFF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "0045683B-30D9-4A04-A3A4-4DB903245380", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "2BF439AC-B790-45D7-9C25-1C9195924ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A4FDBF54-282B-49A1-8095-811A5B998EEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "F650F14A-6A3E-4FD2-BCA1-6AF29278B827", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "91C4B000-72B1-4E5F-814E-FBE2CEC602A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "9249BDDA-4E2D-421D-8285-926FC400AC58", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B3B8946D-2BF0-47FD-BEA0-0C2C74126142", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "A0315865-561D-4EA2-B361-FDB6D03FF5B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "2E0FC480-9E2A-4A76-92FF-60E6239CE89F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "3BA990B5-D038-4E5E-8FAF-035460BD4146", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "070A3295-AFD7-473F-A9DA-ACF84C33274E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "3B0B924E-76CE-412D-A47A-417B7C5E3454", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "E7B48D3D-556D-4942-99E6-E6135400B2A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*", "matchCriteriaId": "08E6DE90-A247-4B72-A05C-61C9496E0D9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*", "matchCriteriaId": "15D496D1-DF37-4B06-BAE5-485D5141E1A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CC6332E7-A86D-4B09-93B3-815797E92A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*", "matchCriteriaId": "CC8AE758-147C-4786-89CE-D2876C23BA5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*", "matchCriteriaId": "4781CBDB-35CA-43BC-B031-34DB66B16D13", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "16F193B8-C859-47A5-9D1C-510925E9478C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "CF622DE0-35C4-4F04-B74A-4127A885395F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "98B3CDED-1284-45F7-93E2-F3CBFD2BB79C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "2A4CD995-FEF9-47DE-A5AB-671471773DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "60825078-59BC-45AD-B644-B23973233B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "4695EEFA-1098-4741-A4C5-39D613880091", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "49DD1826-5FC0-4773-AFFB-EAE3CFA4AC46", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "5033EDD4-9217-467E-91E9-8805B3667E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "C04963CA-D17A-4847-B022-187D33134A74", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "868722FE-E626-427A-8B24-58A8214824A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "FB2AF76B-C4CA-40D1-829C-E80560E14FDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "82D7AE61-C248-4E95-8878-903A188B41C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "467A191D-9A57-4B53-AD41-30CF317AA102", "vulnerable": true}, {"criteria": "cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "41590AFF-2DB4-4D37-8CF8-84FCF85BB75B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user."}, {"lang": "es", "value": "En Kanboard en versiones anteriores a 1.0.47, al alterar los datos del formulario, un usuario autenticado puede eliminar adjuntos de un proyecto privado de otro usuario."}], "id": "CVE-2017-15209", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-11T01:32:55.050", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://openwall.com/lists/oss-security/2017/10/04/9"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://kanboard.net/news/version-1.0.47"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}