CVE-2024-55603

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 19, 2024
CWE ID 613

Summary

CVE-2024-55603 is a vulnerability affecting the Kanboard project management software. Kanboard uses a custom session handler that stores session data in a database, but it fails to verify whether a given session ID has already expired before querying the data from the sessions table. Expired sessions can therefore still be used for valid logins, because the SessionHandlerInterface::gc function that cleans up expired sessions is only invoked with a very low probability (1/1000) by default. This issue has been addressed in release 1.2.43 and all users are advised to upgrade as soon as possible. There are currently no known workarounds for this vulnerability.
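The following is an added illustration, not Kanboard's code or the upstream fix. It models in Python the PHP SessionHandlerInterface semantics the summary describes: a database-backed store whose read() either trusts whatever row exists for the session ID (the flaw) or rejects rows whose stored expiry has passed (the check the summary says was missing), with garbage collection firing only probabilistically per request. All names, the in-memory "table", the sample session ID and the sample session data are constructed for the example.

```python
import random
from dataclasses import dataclass, field

LIFETIME = 3600                       # seconds a session stays valid (constructed)
SAMPLE_SID = "constructed-session-id"  # constructed session ID, not a real value
SAMPLE_DATA = "user_id=1;role=admin"   # constructed serialized session payload


@dataclass
class SessionRow:
    data: str
    expires_at: float  # absolute timestamp stored with the row


@dataclass
class DbSessionStore:
    """Toy stand-in for a DB-backed PHP session handler (hypothetical)."""
    lifetime: int = LIFETIME
    check_expiry_on_read: bool = True      # False reproduces the flawed behaviour
    gc_probability: float = 1 / 1000       # PHP's default gc_probability/gc_divisor
    rows: dict = field(default_factory=dict)
    rng: random.Random = field(default_factory=random.Random)

    def write(self, sid: str, data: str, now: float) -> None:
        # Equivalent of SessionHandlerInterface::write: upsert the row with a new expiry.
        self.rows[sid] = SessionRow(data, now + self.lifetime)

    def gc(self, now: float) -> int:
        # Equivalent of SessionHandlerInterface::gc: delete every expired row.
        expired = [sid for sid, row in self.rows.items() if row.expires_at <= now]
        for sid in expired:
            del self.rows[sid]
        return len(expired)

    def _maybe_gc(self, now: float) -> None:
        # PHP only runs gc on a fraction of requests; the rest leave stale rows in place.
        if self.rng.random() < self.gc_probability:
            self.gc(now)

    def read(self, sid: str, now: float) -> str:
        # Equivalent of SessionHandlerInterface::read. The flawed variant returns the
        # row as long as gc has not happened to remove it yet.
        self._maybe_gc(now)
        row = self.rows.get(sid)
        if row is None:
            return ""
        if self.check_expiry_on_read and row.expires_at <= now:
            del self.rows[sid]  # treat an expired row exactly like a missing one
            return ""
        return row.data


def _read_after(store: DbSessionStore, elapsed: float) -> str:
    t0 = 1_000_000.0  # constructed base timestamp
    store.write(SAMPLE_SID, SAMPLE_DATA, now=t0)
    return store.read(SAMPLE_SID, now=t0 + elapsed)


def stale_session_read(check_expiry_on_read: bool) -> str:
    """Read a session one second past its lifetime, with gc disabled to isolate the check."""
    store = DbSessionStore(check_expiry_on_read=check_expiry_on_read, gc_probability=0.0)
    return _read_after(store, LIFETIME + 1)


def live_session_read(check_expiry_on_read: bool) -> str:
    """Read a session one second before expiry; both variants must accept it."""
    store = DbSessionStore(check_expiry_on_read=check_expiry_on_read, gc_probability=0.0)
    return _read_after(store, LIFETIME - 1)


def stale_reads_before_cleanup(gc_probability: float, seed: int, max_reads: int = 10_000) -> int:
    """With the flawed read(), count how many times an expired session is still
    accepted before the probabilistic gc finally removes it."""
    store = DbSessionStore(check_expiry_on_read=False, gc_probability=gc_probability,
                           rng=random.Random(seed))
    t0 = 1_000_000.0
    store.write(SAMPLE_SID, SAMPLE_DATA, now=t0)
    count = 0
    while count < max_reads and store.read(SAMPLE_SID, now=t0 + LIFETIME + 1) == SAMPLE_DATA:
        count += 1
    return count


if __name__ == "__main__":
    print("flawed read of expired session :", repr(stale_session_read(False)))
    print("fixed  read of expired session :", repr(stale_session_read(True)))
    print("stale reads accepted before gc :", stale_reads_before_cleanup(1 / 1000, seed=7))
```

The fix is the expiry comparison inside read(): with it, the store rejects an expired row on the very request that presents it, so correctness no longer depends on gc having run. Without it, the third function shows how long an expired session typically survives at the default 1/1000 gc rate, which is the window the summary refers to.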
