{"id":"CVE-2017-15202","details":"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.","modified":"2026-03-14T09:24:13.511751Z","published":"2017-10-11T01:32:54.740Z","references":[{"type":"ADVISORY","url":"http://openwall.com/lists/oss-security/2017/10/04/9"},{"type":"ADVISORY","url":"https://kanboard.net/news/version-1.0.47"},{"type":"FIX","url":"https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"},{"type":"FIX","url":"https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kanboard/kanboard","events":[{"introduced":"0"},{"last_affected":"c2f8e1c4360cbdd0c740b747d017034d97d8e053"},{"introduced":"0"},{"last_affected":"45753e51d19ac8bd598e014b9a240ab44547c7aa"},{"introduced":"0"},{"last_affected":"e7db71b593f2d9856a5b3aacde00a638d074d601"},{"introduced":"0"},{"last_affected":"395a8a5f2a4976b80432a0d71d51d1bad3d01a83"},{"introduced":"0"},{"last_affected":"a4335c0e52f246ad93965650cedf63af332f8496"},{"introduced":"0"},{"last_affected":"6a41c1448548c261aba69f22ffa0e54a4d45fe09"},{"introduced":"0"},{"last_affected":"4f67a8da321f9cf83dd36f6928c3bf30f2580ce0"},{"introduced":"0"},{"last_affected":"7fb7455814090c3a4cf13fc502511257cf046535"},{"introduced":"0"},{"last_affected":"082fda68ca52e8ace083256c57fd0da9991cde7b"},{"introduced":"0"},{"last_affected":"8fe5df39d97ef851d11931fcf7e906ec08838ef7"},{"introduced":"0"},{"last_affected":"515e29461fcf3060b940cc9304dda254adba2d17"},{"introduced":"0"},{"last_affected":"c5e4c781f5cbda416e0077e88fe75bf5b785f659"},{"introduced":"0"},{"last_affected":"0450d86a18b1bc16b88bf3d3540a00eb9318203e"},{"introduced":"0"},{"last_affected":"e41495a06c3401120a781efdc1a882b85bd5a0cc"},{"introduced":"0"},{"last_affected":"fa59a1487c01b27fb7128c22c472a09c34a7891b"},{"introduced":"0"},{"last_affected":"380aacd3f586089ae5c1e69841c0e0cb99478dcd"},{"introduced":"0"},{"last_affected":"0fa64fc9bd947e2f82f60d63d57479fa4189ef68"},{"introduced":"0"},{"last_affected":"8d24e03b440ed5de90cae41f45d116c8f7e0f87c"},{"introduced":"0"},{"last_affected":"de91d5820b9f987b17bea245ecf999b8e6aa7a81"},{"introduced":"0"},{"last_affected":"dc0749ecce232a5a68d83fbde965ee4ee8e36d00"},{"introduced":"0"},{"last_affected":"06e9486c59831cdd1630647ea7474a39879a37da"},{"introduced":"0"},{"last_affected":"b0a7203d3989558de73c19d034f62cc9a7d5c737"},{"introduced":"0"},{"last_affected":"f8bb0b47736e782033b241e4b9982e5c6ab61ef9"},{"introduced":"0"},{"last_affected":"2fb002c266437597838d4321932da107f398e8fd"},{"introduced":"0"},{"last_affected":"203754649e08dadeb631c2adfb0ccf4819dda941"},{"introduced":"0"},{"last_affected":"695a07fc3efd4ce2c3e9aebe22236fb0d30c19fb"},{"introduced":"0"},{"last_affected":"333bec112ae34e3e8435153355f3ae0ba407f515"},{"introduced":"0"},{"last_affected":"4badb84dbaef0a81e8e292e932769aa3b96099d9"},{"introduced":"0"},{"last_affected":"5672a8c3625d54f66f9bbf10da010a35dc9e95ff"},{"introduced":"0"},{"last_affected":"660bfa72f4b8155a996af697c3f099686245bd88"},{"introduced":"0"},{"last_affected":"a1e2b0f1b88ed445a9dd960d9431fdbcf983fb33"},{"introduced":"0"},{"last_affected":"796ebb956a0e199ce22b7d17e27272ef8ae46b39"},{"introduced":"0"},{"last_affected":"98efcf21e355ed6ac3827058b99df86ca67c75bb"},{"introduced":"0"},{"last_affected":"102de7e3860929e62578a6c96f810252dc572bdf"},{"introduced":"0"},{"last_affected":"ac7dd194b3a3e8a707318f5dfbb463961bded296"},{"introduced":"0"},{"last_affected":"6d2bd7383a8204a85429a88eb7ebe2a36a035455"},{"introduced":"0"},{"last_affected":"d49ce63e51f596ad3bf0d02b689aea673cf544f8"},{"introduced":"0"},{"last_affected":"513aefdb2c092b687c567c62e6e3d70b9bcea4f4"},{"introduced":"0"},{"last_affected":"ba544882dea5e5bf18ca8cae1ee6c479d3ab0f76"},{"introduced":"0"},{"last_affected":"6defc2312f600023e5b9c580ea07a8c1b0e2052b"},{"introduced":"0"},{"last_affected":"8cd45e8dd24b388d2464f2d05c5acdd28f2855de"},{"introduced":"0"},{"last_affected":"a46d66cf8cc58b50f7a05c8c81cc94562b69dd61"},{"introduced":"0"},{"last_affected":"13129699bab220d3f1eae10cbfdb67ad99b4548f"},{"introduced":"0"},{"last_affected":"95ec4b1f71c0679d971035b6c796d32570793879"},{"introduced":"0"},{"last_affected":"6251ac62d43817b996c2f0131433c1955e08a1de"},{"introduced":"0"},{"last_affected":"217977500a6c10f71bcffed19ec6dee2466d4a84"},{"introduced":"0"},{"last_affected":"daccedbdab2709faca6faf8fcc3388f1f9eab07b"},{"fixed":"074f6c104f3e49401ef0065540338fc2d4be79f0"},{"fixed":"3e0f14ae2b0b5a44bd038a472f17eac75f538524"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.0"},{"introduced":"0"},{"last_affected":"1.0.1"},{"introduced":"0"},{"last_affected":"1.0.2"},{"introduced":"0"},{"last_affected":"1.0.3"},{"introduced":"0"},{"last_affected":"1.0.4"},{"introduced":"0"},{"last_affected":"1.0.5"},{"introduced":"0"},{"last_affected":"1.0.6"},{"introduced":"0"},{"last_affected":"1.0.7"},{"introduced":"0"},{"last_affected":"1.0.8"},{"introduced":"0"},{"last_affected":"1.0.9"},{"introduced":"0"},{"last_affected":"1.0.10"},{"introduced":"0"},{"last_affected":"1.0.11"},{"introduced":"0"},{"last_affected":"1.0.12"},{"introduced":"0"},{"last_affected":"1.0.13"},{"introduced":"0"},{"last_affected":"1.0.14"},{"introduced":"0"},{"last_affected":"1.0.15"},{"introduced":"0"},{"last_affected":"1.0.16"},{"introduced":"0"},{"last_affected":"1.0.17"},{"introduced":"0"},{"last_affected":"1.0.18"},{"introduced":"0"},{"last_affected":"1.0.19"},{"introduced":"0"},{"last_affected":"1.0.20"},{"introduced":"0"},{"last_affected":"1.0.21"},{"introduced":"0"},{"last_affected":"1.0.22"},{"introduced":"0"},{"last_affected":"1.0.23"},{"introduced":"0"},{"last_affected":"1.0.24"},{"introduced":"0"},{"last_affected":"1.0.25"},{"introduced":"0"},{"last_affected":"1.0.26"},{"introduced":"0"},{"last_affected":"1.0.27"},{"introduced":"0"},{"last_affected":"1.0.28"},{"introduced":"0"},{"last_affected":"1.0.29"},{"introduced":"0"},{"last_affected":"1.0.30"},{"introduced":"0"},{"last_affected":"1.0.31"},{"introduced":"0"},{"last_affected":"1.0.32"},{"introduced":"0"},{"last_affected":"1.0.33"},{"introduced":"0"},{"last_affected":"1.0.34"},{"introduced":"0"},{"last_affected":"1.0.35"},{"introduced":"0"},{"last_affected":"1.0.36"},{"introduced":"0"},{"last_affected":"1.0.37"},{"introduced":"0"},{"last_affected":"1.0.38"},{"introduced":"0"},{"last_affected":"1.0.39"},{"introduced":"0"},{"last_affected":"1.0.40"},{"introduced":"0"},{"last_affected":"1.0.41"},{"introduced":"0"},{"last_affected":"1.0.42"},{"introduced":"0"},{"last_affected":"1.0.43"},{"introduced":"0"},{"last_affected":"1.0.44"},{"introduced":"0"},{"last_affected":"1.0.45"},{"introduced":"0"},{"last_affected":"1.0.46"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.15","v1.0.16","v1.0.17","v1.0.18","v1.0.19","v1.0.2","v1.0.20","v1.0.21","v1.0.22","v1.0.23","v1.0.24","v1.0.25","v1.0.26","v1.0.27","v1.0.28","v1.0.29","v1.0.3","v1.0.30","v1.0.31","v1.0.32","v1.0.33","v1.0.34","v1.0.35","v1.0.36","v1.0.37","v1.0.38","v1.0.39","v1.0.4","v1.0.40","v1.0.41","v1.0.42","v1.0.43","v1.0.44","v1.0.45","v1.0.46","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.0.31-beta0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.31-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.32-beta0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.32-beta1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15202.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}