CVE-2014-3920

Published: Jul 3, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.

Affected (7)

Products: Kanboard: Kanboard

Kanboard

1 product

Kanboard

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Kanboard Kanboard	Up to 1.0.6
Kanboard Kanboard	Version 1.0.0
Kanboard Kanboard	Version 1.0.1
Kanboard Kanboard	Version 1.0.2
Kanboard Kanboard	Version 1.0.3
Kanboard Kanboard	Version 1.0.4
Kanboard Kanboard	Version 1.0.5