Package: kanboard
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for kanboard.
CVE-2024-54001[0]:
| Kanboard is project management software that focuses on the Kanban
| methodology. HTML can be injected and stored into the application
| settings section. The fields application_language,
| application_date_format,application_timezone and
| application_time_format allow arbirary user input which is
| reflected. The vulnerability can become xss if the user input is
| javascript code that bypass CSP. This vulnerability is fixed in
| 1.2.41.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-54001
https://www.cve.org/CVERecord?id=CVE-2024-54001
[1]
https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj
Please adjust the affected versions in the BTS as needed.
Best wishes
Matthias
