PT-2023-24610 · Kanboard · Kanboard

Castilho101 · Published 2023-06-05 · Updated 2023-06-12 · CVE-2023-33970

CVSS v3.1 · 6.5 Medium · Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kanboard versions prior to 1.2.30

Description

A missing access control issue was found in Kanboard. It allows a user with the lowest privileges to leak all task and project titles, even for projects the user is not invited to and for personal projects. Private or critical information could be leaked if it appears in a title.

Recommendations

For versions prior to 1.2.30, upgrade to version 1.2.30 to address the issue. As a temporary workaround, consider restricting access to sensitive projects and tasks to minimize the risk of exploitation.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-33970
GHSA-WFCH-8RHV-V286

Affected Products

Kanboard