How severe is CVE-2024-36399?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-36399?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-36399

MEDIUM Year: 2024

CVSS v3 Score

6.3

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.

CVE-2015-6933

MEDIUM

CVSS:6.3(Medium)

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allo...

CWE-2842015

CVE-2016-0914

MEDIUM

CVSS:6.3(Medium)

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Doc...

CWE-2842016

CVE-2016-1200

MEDIUM

CVSS:6.3(Medium)

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-11...

CWE-2842016

CVE-2016-1638

MEDIUM

CVSS:6.3(Medium)

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inten...

CWE-2842016

CVE-2016-2277

MEDIUM

CVSS:6.3(Medium)

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

CWE-2842016

CVE-2016-5601

MEDIUM

CVSS:6.3(Medium)

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors re...

CWE-2842016

CVE-2024-36399

Vulnerability Description

Related Vulnerabilities

CVE-2015-6933

CVE-2016-0914

CVE-2016-1200

CVE-2016-1638

CVE-2016-2277

CVE-2016-5601