How severe is CVE-2023-33968?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-33968?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2023-33968 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2019-3886

MEDIUM

CVSS:5.4(Medium)

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing un...

CWE-8622019

CVE-2019-4158

MEDIUM

CVSS:5.4(Medium)

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 1585...

CWE-8622019

CVE-2020-14213

MEDIUM

CVSS:5.4(Medium)

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).

CWE-8622020

CVE-2020-2204

MEDIUM

CVSS:5.4(Medium)

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using at...

CWE-8622020

CVE-2020-6199

MEDIUM

CVSS:5.4(Medium)

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, ...

CWE-8622020

CVE-2020-6212

MEDIUM

CVSS:5.4(Medium)

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not...

CWE-8622020