In Kanboard versions prior to 1.2.43 a medium severity vulnerability CVE-2024-55603 was detected. This vulnerability allows attackers to use expired sessions as they remain valid due to improper verification of session lifetime in the database. To address this issue, users should upgrade Kanboard to version 1.2.43. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55603.
Read more Project ManagementIn Kanboard version 1.2.40 a medium severity vulnerability CVE-2024-54001 was detected. This vulnerability allows attackers to inject malicious HTML or JavaScript into the application, potentially leading to unauthorized actions or data theft. To fix this issue, users should upgrade Kanboard to version 1.2.41. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-54001.
Read more Project ManagementIn Kanboard versions before 1.2.41 a high severity vulnerability CVE-2024-51748 was detected. This vulnerability allows attackers to execute arbitrary PHP code on the server by exploiting a misconfigured file path in the sqlite.db
settings. To fix this issue, users should upgrade Kanboard to version 1.2.42. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51748.
In Kanboard versions prior to 1.2.42 a critical severity vulnerability CVE-2024-51747 was detected. This vulnerability allows attackers to exploit misconfigured file paths in the database, enabling them to read or delete arbitrary files on the server. To fix this issue, users should upgrade Kanboard to version 1.2.42. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51747.
Read more Project ManagementIn OpenProject versions before 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users with a fake HOST header, affecting default installations. Upgrade to version 14.3.0 to fix this by rejecting invalid hostnames. If upgrading isn’t possible, use mod_security for Apache, adjust Host and X-Forwarded-Host headers manually, or apply a patch for older versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.
Read more Project ManagementIn OpenProject versions prior to 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users to fake sites to steal their credentials. To fix this problem, users should upgrade OpenProject to version 14.3.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.
Read more Project ManagementIn OpenProject a high severity vulnerability CVE-2024-35224 was detected. A project admin could exploit a bug in the Cost Report feature to insert harmful code. Updating to version 13.4.2, 14.0.2, or 14.1.0 resolves this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35224/.
Read more Project ManagementIn Kanboard version 1.2.36 a high severity vulnerability CVE-2024-36399 was detected. This vulnerability allows attackers to take over any other project. To address this issue, users need to update to version 1.2.37. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36399/.
Read more Project ManagementIn Kimai all versions before 2.13.0 a medium severity vulnerability CVE-2024-29200 was detected. Setting the “view_other_timesheet” permission to true allows users to see only their team’s timesheet entries in the Kimai UI, but when using the API, it returns all timesheet entries, regardless of team memberships. This vulnerability is resolved in version 2.13.0. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29200/.
Read more Project Management