Get Started

Project and Agile Management

Selected category
11 Jun 2024 Project and Agile Management
OpenProject: Misconfigured Tablesorter Enables Stored XSS Attacks in Cost Reports

In OpenProject a high severity vulnerability CVE-2024-35224 was detected. A project admin could exploit a bug in the Cost Report feature to insert harmful code. Updating to version 13.4.2, 14.0.2, or 14.1.0 resolves this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35224/.

 Read more Project Management
10 Jun 2024 Project and Agile Management
Kanboard: Vulnerability Enables Attackers to Hijack Projects

In Kanboard version 1.2.36 a high severity vulnerability CVE-2024-36399 was detected. This vulnerability allows attackers to take over any other project. To address this issue, users need to update to version 1.2.37. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36399/.

 Read more Project Management
15 May 2024 Project and Agile Management
Kimai: Inconsistency Between UI and API Access in ‘view_other_timesheet’ Permission

In Kimai all versions before 2.13.0 a medium severity vulnerability CVE-2024-29200 was detected. Setting the “view_other_timesheet” permission to true allows users to see only their team’s timesheet entries in the Kimai UI, but when using the API, it returns all timesheet entries, regardless of team memberships. This vulnerability is resolved in version 2.13.0. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29200/.

 Read more Project Management
13 May 2024 Project and Agile Management
iTop: Safeguarding Webpages with Proper Dashlet Refreshing Protocols

In iTop a high severity vulnerability CVE-2023-47622 was detected. Refreshing dashlets could allow attackers to inject harmful code into the webpage if the system doesn’t properly clean up user-entered data. The issue is resolved in versions 3.0.4 and 3.1.1. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-47622/.

 Read more IT Business Management
8 May 2024 Project and Agile Management
iTop: Risks in CSV and Excel Files from Backoffice or Portals

In iTop a high severity vulnerability CVE-2023-48709 was detected. Users need to be careful when opening CSV or Excel files from the back office or portal as they may contain dangerous formulas that can lead to malicious code being executed on your computer, especially in Excel 2016. The issue is resolved in iTop 2.7.9, 3.0.4, 3.1.1, and 3.2.0 versions. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-48709/.

 Read more IT Business Management
7 May 2024 Project and Agile Management
iTop: Vulnerability Fix for Accessing Restricted Files

In iTop a critical severity vulnerability CVE-2023-48710 was detected. Due to this vulnerability files from the env-production folder, which should be restricted, were accessible, potentially exposing sensitive data from third-party modules. To address this issue, users should update iTop to versions 2.7.10, 3.0.4, 3.1.1 and 3.2.0. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-48710/.

 Read more IT Business Management
24 Apr 2024 Project and Agile Management
Ansible: Critical Jinja2 Template Injection Opens Door to Remote Code Execution in Celery

In Ansible versions v3.0.0-v3.10.6 a critical security vulnerability, CVE-2024-29202 was detected. This vulnerability allows attackers to steal sensitive data. To address this issue, users are advised to upgrade to v3.10.7. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29202.

 Read more IT Business Management