{"id":"CVE-2017-15201","details":"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.","modified":"2026-04-24T12:03:48.345109Z","published":"2017-10-11T01:32:54.693Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:kanboard:kanboard:1.0.31:beta0:*:*:*:*:*:*","extracted_events":[{"last_affected":"1.0.31-beta0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:kanboard:kanboard:1.0.31:beta1:*:*:*:*:*:*","extracted_events":[{"last_affected":"1.0.31-beta1"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:kanboard:kanboard:1.0.32:beta0:*:*:*:*:*:*","extracted_events":[{"last_affected":"1.0.32-beta0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:kanboard:kanboard:1.0.32:beta1:*:*:*:*:*:*","extracted_events":[{"last_affected":"1.0.32-beta1"}]}]},"references":[{"type":"ADVISORY","url":"http://openwall.com/lists/oss-security/2017/10/04/9"},{"type":"ADVISORY","url":"https://kanboard.net/news/version-1.0.47"},{"type":"FIX","url":"https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"},{"type":"FIX","url":"https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kanboard/kanboard","events":[{"introduced":"0"},{"last_affected":"c2f8e1c4360cbdd0c740b747d017034d97d8e053"},{"last_affected":"45753e51d19ac8bd598e014b9a240ab44547c7aa"},{"last_affected":"e7db71b593f2d9856a5b3aacde00a638d074d601"},{"last_affected":"395a8a5f2a4976b80432a0d71d51d1bad3d01a83"},{"last_affected":"a4335c0e52f246ad93965650cedf63af332f8496"},{"last_affected":"6a41c1448548c261aba69f22ffa0e54a4d45fe09"},{"last_affected":"4f67a8da321f9cf83dd36f6928c3bf30f2580ce0"},{"last_affected":"7fb7455814090c3a4cf13fc502511257cf046535"},{"last_affected":"082fda68ca52e8ace083256c57fd0da9991cde7b"},{"last_affected":"8fe5df39d97ef851d11931fcf7e906ec08838ef7"},{"last_affected":"515e29461fcf3060b940cc9304dda254adba2d17"},{"last_affected":"c5e4c781f5cbda416e0077e88fe75bf5b785f659"},{"last_affected":"0450d86a18b1bc16b88bf3d3540a00eb9318203e"},{"last_affected":"e41495a06c3401120a781efdc1a882b85bd5a0cc"},{"last_affected":"fa59a1487c01b27fb7128c22c472a09c34a7891b"},{"last_affected":"380aacd3f586089ae5c1e69841c0e0cb99478dcd"},{"last_affected":"0fa64fc9bd947e2f82f60d63d57479fa4189ef68"},{"last_affected":"8d24e03b440ed5de90cae41f45d116c8f7e0f87c"},{"last_affected":"de91d5820b9f987b17bea245ecf999b8e6aa7a81"},{"last_affected":"dc0749ecce232a5a68d83fbde965ee4ee8e36d00"},{"last_affected":"06e9486c59831cdd1630647ea7474a39879a37da"},{"last_affected":"b0a7203d3989558de73c19d034f62cc9a7d5c737"},{"last_affected":"f8bb0b47736e782033b241e4b9982e5c6ab61ef9"},{"last_affected":"2fb002c266437597838d4321932da107f398e8fd"},{"last_affected":"203754649e08dadeb631c2adfb0ccf4819dda941"},{"last_affected":"695a07fc3efd4ce2c3e9aebe22236fb0d30c19fb"},{"last_affected":"333bec112ae34e3e8435153355f3ae0ba407f515"},{"last_affected":"4badb84dbaef0a81e8e292e932769aa3b96099d9"},{"last_affected":"5672a8c3625d54f66f9bbf10da010a35dc9e95ff"},{"last_affected":"660bfa72f4b8155a996af697c3f099686245bd88"},{"last_affected":"a1e2b0f1b88ed445a9dd960d9431fdbcf983fb33"},{"last_affected":"796ebb956a0e199ce22b7d17e27272ef8ae46b39"},{"last_affected":"98efcf21e355ed6ac3827058b99df86ca67c75bb"},{"last_affected":"102de7e3860929e62578a6c96f810252dc572bdf"},{"last_affected":"ac7dd194b3a3e8a707318f5dfbb463961bded296"},{"last_affected":"6d2bd7383a8204a85429a88eb7ebe2a36a035455"},{"last_affected":"d49ce63e51f596ad3bf0d02b689aea673cf544f8"},{"last_affected":"513aefdb2c092b687c567c62e6e3d70b9bcea4f4"},{"last_affected":"ba544882dea5e5bf18ca8cae1ee6c479d3ab0f76"},{"last_affected":"6defc2312f600023e5b9c580ea07a8c1b0e2052b"},{"last_affected":"8cd45e8dd24b388d2464f2d05c5acdd28f2855de"},{"last_affected":"a46d66cf8cc58b50f7a05c8c81cc94562b69dd61"},{"last_affected":"13129699bab220d3f1eae10cbfdb67ad99b4548f"},{"last_affected":"95ec4b1f71c0679d971035b6c796d32570793879"},{"last_affected":"6251ac62d43817b996c2f0131433c1955e08a1de"},{"last_affected":"217977500a6c10f71bcffed19ec6dee2466d4a84"},{"last_affected":"daccedbdab2709faca6faf8fcc3388f1f9eab07b"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:kanboard:kanboard:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.1:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.2:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.3:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.4:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.5:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.6:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.7:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.8:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.9:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.10:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.11:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.12:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.13:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.14:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.15:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.16:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.17:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.18:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.19:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.20:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.21:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.22:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.23:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.24:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.25:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.26:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.27:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.28:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.29:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.30:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.31:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.32:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.33:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.34:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.35:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.36:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.37:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.38:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.39:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.40:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.41:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.42:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.43:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.44:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.45:*:*:*:*:*:*:*","cpe:2.3:a:kanboard:kanboard:1.0.46:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.0.0"},{"last_affected":"1.0.1"},{"last_affected":"1.0.2"},{"last_affected":"1.0.3"},{"last_affected":"1.0.4"},{"last_affected":"1.0.5"},{"last_affected":"1.0.6"},{"last_affected":"1.0.7"},{"last_affected":"1.0.8"},{"last_affected":"1.0.9"},{"last_affected":"1.0.10"},{"last_affected":"1.0.11"},{"last_affected":"1.0.12"},{"last_affected":"1.0.13"},{"last_affected":"1.0.14"},{"last_affected":"1.0.15"},{"last_affected":"1.0.16"},{"last_affected":"1.0.17"},{"last_affected":"1.0.18"},{"last_affected":"1.0.19"},{"last_affected":"1.0.20"},{"last_affected":"1.0.21"},{"last_affected":"1.0.22"},{"last_affected":"1.0.23"},{"last_affected":"1.0.24"},{"last_affected":"1.0.25"},{"last_affected":"1.0.26"},{"last_affected":"1.0.27"},{"last_affected":"1.0.28"},{"last_affected":"1.0.29"},{"last_affected":"1.0.30"},{"last_affected":"1.0.31"},{"last_affected":"1.0.32"},{"last_affected":"1.0.33"},{"last_affected":"1.0.34"},{"last_affected":"1.0.35"},{"last_affected":"1.0.36"},{"last_affected":"1.0.37"},{"last_affected":"1.0.38"},{"last_affected":"1.0.39"},{"last_affected":"1.0.40"},{"last_affected":"1.0.41"},{"last_affected":"1.0.42"},{"last_affected":"1.0.43"},{"last_affected":"1.0.44"},{"last_affected":"1.0.45"},{"last_affected":"1.0.46"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.15","v1.0.16","v1.0.17","v1.0.18","v1.0.19","v1.0.2","v1.0.20","v1.0.21","v1.0.22","v1.0.23","v1.0.24","v1.0.25","v1.0.26","v1.0.27","v1.0.28","v1.0.29","v1.0.3","v1.0.30","v1.0.31","v1.0.32","v1.0.33","v1.0.34","v1.0.35","v1.0.36","v1.0.37","v1.0.38","v1.0.39","v1.0.4","v1.0.40","v1.0.41","v1.0.42","v1.0.43","v1.0.44","v1.0.45","v1.0.46","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15201.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}