In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.