Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Only the latest stable version is supported.

Reporting a Vulnerability

Do not open a new GitHub issue if the bug is a security vulnerability.

Preferably, report the vulnerability privately using GitHub (documentation).

If you do not want to use GitHub, send an email to security AT kanboard DOT net with all the steps to reproduce the problem.

Keep in mind that this software is in maintenance mode.

Missing HTML escaping when showing group membership in user profile
GHSA-8p3h-v7fc-xppj published Feb 3, 2024 by fguillot

Low
Multiple Authenticated SQL Injections
GHSA-9gvq-78jp-jxcx published Jul 3, 2023 by fguillot

High
Missing access control in internal task links feature
GHSA-wfch-8rhv-v286 published Jun 3, 2023 by fguillot

Moderate
Stored XSS in the Task External Link Functionality
GHSA-8qvf-9847-gpc9 published Jun 3, 2023 by fguillot

Moderate
Missing Access Control allows User to move and duplicate tasks to any project in the software
GHSA-gf8r-4p6m-v8vr published Jun 3, 2023 by fguillot

Moderate
Parameter based Indirect Object Referencing leading to private file exposure
GHSA-r36m-44gg-wxg2 published Jun 3, 2023 by fguillot

Moderate
Clipboard based cross-site scripting (blocked with default CSP)
GHSA-hjmw-gm82-r4gv published May 24, 2023 by fguillot

Moderate

Learn more about advisories related to kanboard/kanboard in the GitHub Advisory Database