Huseynkhanli

**Name of the Vulnerable Software and Affected Versions** HedgeDoc versions prior to 1.10.6 **Description** HedgeDoc is a real-time, collaborative, markdown notes application. Versions before 1.10.6 had a permissive Content-Security-Policy for files served under the `/uploads/` endpoint. This allowed for the hosting of malicious interactive web content, such as fake login forms, using SVG files. The `/uploads/` API endpoint was affected. **Recommendations** Update to version 1.10.6 or later.

Nome do Software Vulnerável e Versões Afetadas Versões do Kimai anteriores à 2.46.0 Descrição O Kimai é um aplicativo web de acompanhamento de tempo multiusuário. A funcionalidade de exportação utiliza um sandbox do Twig com uma política de segurança excessivamente permissiva (`DefaultPolicy`), permitindo chamadas de métodos arbitrários em objetos dentro do contexto do template. Um usuário autenticado com permissões de exportação pode explorar isso para implantar um modelo Twig malicioso, possivelmente extraindo informações sensíveis. Essas informações incluem variáveis de ambiente, todos os hashes de senha de usuários, tokens de sessão serializados e tokens CSRF. Recomendações Atualize para a versão 2.46.0 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions 1.2.48 and below **Description** Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are susceptible to an Open Redirect issue, allowing attackers to redirect authenticated users to malicious websites. Attackers can bypass the `filter var($url, FILTER VALIDATE URL)` validation check by crafting URLs such as `//evil.com`. This could be used to conduct phishing attacks, steal user credentials, or distribute malware. **Recommendations** Update Kanboard to version 1.2.49 or later.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions 1.2.48 and below **Description** Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below contain an LDAP Injection issue within the LDAP authentication mechanism. User-supplied input is directly incorporated into LDAP search filters without sufficient sanitization. This allows attackers to enumerate all LDAP users, obtain sensitive user attributes, and conduct targeted attacks against specific accounts. The issue is addressed in version 1.2.49. **Recommendations** Update Kanboard to version 1.2.49 or later.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions 1.2.48 and below **Description** Kanboard is project management software based on the Kanban methodology. When the `REVERSE PROXY AUTH` setting is enabled, the application does not properly verify the source of HTTP headers used for user authentication, leading to a critical authentication bypass. An attacker can exploit this by sending spoofed HTTP headers to impersonate any user, including administrators. The application blindly trusts these headers without confirming they originate from a trusted reverse proxy. **Recommendations** Kanboard versions 1.2.48 and below: Upgrade to version 1.2.49 or later.