Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Kanboard, a project management application built around the Kanban methodology, has a vulnerability that lets an authenticated Kanboard admin read and delete arbitrary files on the server. It exists because file attachments are resolved through the 'path' entry in the 'project_has_files' table of the SQLite database. An attacker who can upload a modified sqlite.db through the dedicated database upload feature can point attachment entries at arbitrary files by abusing path traversal. Once the modified database is uploaded and the project page is accessed, a file download can be triggered, exposing every file readable under the Kanboard application's permissions.
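The root cause described above is a stored path that is trusted when it is resolved against the attachment directory. The following added example (written here for illustration, not Kanboard's own code or its fix, and in Python rather than the project's PHP) shows the containment check a defender would expect: the stored path is joined to the files directory, canonicalised, and rejected unless it still lies inside that directory. It also audits a table shaped like 'project_has_files' (only the 'id' and 'path' columns are assumed; the rest of the real schema is not modelled), which is the kind of check one could run over an imported database before its rows are used. The base directory and all rows are constructed sample values.

```python
import os
import sqlite3
from typing import List, Tuple

# Placeholder attachment directory; any directory works because the check
# only needs canonical paths, not existing files.
FILES_DIR = "/srv/kanboard/data/files"


def resolve_attachment_path(base_dir: str, stored_path: str) -> str:
    """Return the absolute on-disk path for a stored attachment path.

    Raises ValueError when the path is empty, absolute, or resolves outside
    base_dir after '..' segments and symlinks have been collapsed.
    """
    base = os.path.realpath(base_dir)
    if not stored_path or os.path.isabs(stored_path):
        raise ValueError("absolute or empty attachment path rejected")
    candidate = os.path.realpath(os.path.join(base, stored_path))
    # commonpath compares path components, so 'files-other/x' is not mistaken
    # for a child of 'files' the way a plain string prefix test would allow.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("attachment path escapes the files directory")
    return candidate


def audit_attachment_rows(
    base_dir: str, rows: List[Tuple[int, str]]
) -> List[Tuple[int, str, str]]:
    """Return (id, path, reason) for every row whose path fails containment."""
    findings = []
    for file_id, path in rows:
        try:
            resolve_attachment_path(base_dir, path)
        except ValueError as exc:
            findings.append((file_id, path, str(exc)))
    return findings


def build_sample_db() -> sqlite3.Connection:
    """In-memory database with a constructed subset of project_has_files."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE project_has_files (id INTEGER PRIMARY KEY, path TEXT)")
    sample_rows = [  # constructed rows; 2, 3 and 5 are the offending ones
        (1, "1a/2b/legit-attachment.bin"),
        (2, "../../../outside/secret.txt"),
        (3, "/absolute/path/not/allowed.txt"),
        (4, "nested/../still-inside.txt"),
        (5, "a/b/../../../escape.txt"),
    ]
    conn.executemany("INSERT INTO project_has_files VALUES (?, ?)", sample_rows)
    conn.commit()
    return conn


def load_rows(conn: sqlite3.Connection) -> List[Tuple[int, str]]:
    return conn.execute("SELECT id, path FROM project_has_files ORDER BY id").fetchall()


def offending_ids(base_dir: str = FILES_DIR) -> List[int]:
    """Audit the sample database and return the ids that would be rejected."""
    conn = build_sample_db()
    try:
        return [fid for fid, _, _ in audit_attachment_rows(base_dir, load_rows(conn))]
    finally:
        conn.close()


if __name__ == "__main__":
    conn = build_sample_db()
    for file_id, path, reason in audit_attachment_rows(FILES_DIR, load_rows(conn)):
        print(f"row {file_id}: {path!r} rejected: {reason}")
    conn.close()
```

Row 4 is accepted on purpose: its '..' segment stays inside the directory, which is why the check must canonicalise first and compare afterwards instead of simply refusing any path containing '..'. Row 5 shows the same idea from the other side, a path that looks harmless segment by segment but climbs out once collapsed.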
This vulnerability has a high severity with a CVSS v3.1 base score of 9.1. It allows unauthorized access to potentially sensitive files on the server, which could lead to data breaches, information disclosure, and potential system compromise. The attacker could read and delete arbitrary files, potentially causing data loss or system instability. Given the "Changed" scope in the CVSS vector, this vulnerability might have impacts beyond the vulnerable component itself.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
A patch is available. This vulnerability has been addressed in Kanboard version 1.2.42. All users are advised to upgrade to this version or later.
The primary mitigation is to upgrade Kanboard to version 1.2.42 or later. There are no known workarounds for this vulnerability, making the upgrade crucial. In addition to upgrading, it is recommended to:
1. Restrict admin access to trusted personnel only.
2. Monitor system logs for any suspicious file access or modification attempts.
3. Implement strong access controls and authentication mechanisms.
4. Regularly back up important data to mitigate potential data loss from file deletions.
5. Consider implementing additional file integrity monitoring tools to detect unauthorized changes to system files.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
NVD published the first details for CVE-2024-51747
A CVSS base score of 9.1 has been assigned.
Feedly found the first article mentioning CVE-2024-51747.
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.04% (Percentile: 11.6%)