Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.