Huseynkhanli

**Name of the Vulnerable Software and Affected Versions** HedgeDoc versions prior to 1.10.6 **Description** HedgeDoc is a real-time, collaborative, markdown notes application. Versions before 1.10.6 had a permissive Content-Security-Policy for files served under the `/uploads/` endpoint. This allowed for the hosting of malicious interactive web content, such as fake login forms, using SVG files. The `/uploads/` API endpoint was affected. **Recommendations** Update to version 1.10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Kimai versions prior to 2.46.0 **Description** Kimai is a web-based multi-user time-tracking application. The export functionality utilizes a Twig sandbox with an overly permissive security policy (`DefaultPolicy`), enabling arbitrary method calls on objects within the template context. An authenticated user possessing export permissions can leverage this to deploy a malicious Twig template, potentially extracting sensitive information. This information includes environment variables, all user password hashes, serialized session tokens, and CSRF tokens. **Recommendations** Update to version 2.46.0 or later.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions 1.2.48 and below **Description** Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are susceptible to an Open Redirect issue, allowing attackers to redirect authenticated users to malicious websites. Attackers can bypass the `filter var($url, FILTER VALIDATE URL)` validation check by crafting URLs such as `//evil.com`. This could be used to conduct phishing attacks, steal user credentials, or distribute malware. **Recommendations** Update Kanboard to version 1.2.49 or later.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions 1.2.48 and below **Description** Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below contain an LDAP Injection issue within the LDAP authentication mechanism. User-supplied input is directly incorporated into LDAP search filters without sufficient sanitization. This allows attackers to enumerate all LDAP users, obtain sensitive user attributes, and conduct targeted attacks against specific accounts. The issue is addressed in version 1.2.49. **Recommendations** Update Kanboard to version 1.2.49 or later.

**Name of the Vulnerable Software and Affected Versions** Kanboard versions 1.2.48 and below **Description** Kanboard is project management software based on the Kanban methodology. When the `REVERSE PROXY AUTH` setting is enabled, the application does not properly verify the source of HTTP headers used for user authentication, leading to a critical authentication bypass. An attacker can exploit this by sending spoofed HTTP headers to impersonate any user, including administrators. The application blindly trusts these headers without confirming they originate from a trusted reverse proxy. **Recommendations** Kanboard versions 1.2.48 and below: Upgrade to version 1.2.49 or later.