CVE-2024-51747
📋 TL;DR
This vulnerability allows authenticated Kanboard administrators to read and delete arbitrary files on the server by uploading a modified SQLite database file containing path traversal payloads. The attacker can then trigger file downloads through the project interface, potentially accessing sensitive system files. All Kanboard installations below version 1.2.42 are affected.
💻 Affected Systems
- Kanboard
📦 What is this software?
Kanboard by Kanboard
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like /etc/passwd, SSH keys, or database credentials, potentially leading to lateral movement and data exfiltration.
Likely Case
Unauthorized access to sensitive project files, configuration files, or user data stored on the server, potentially exposing confidential information.
If Mitigated
Limited impact if proper file permissions restrict Kanboard's access to sensitive directories and files.
🎯 Exploit Status
Exploitation requires admin credentials but involves straightforward SQLite database manipulation and path traversal techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.42
Vendor Advisory: https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v
Restart Required: Yes
Instructions:
1. Backup your current Kanboard installation and database.
2. Download Kanboard 1.2.42 or later from the official repository.
3. Replace the existing installation files with the new version.
4. Restart your web server (Apache/Nginx) and PHP service.
5. Verify the upgrade by checking the version in Kanboard settings.
🔧 Temporary Workarounds
No official workarounds
The vendor advisory states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Immediately revoke admin privileges from all non-essential users and implement strict access controls.
- Implement file system monitoring to detect unauthorized SQLite database modifications and unusual file access patterns.
🔍 How to Verify
Check if Vulnerable:
Check your Kanboard version by logging in as admin and navigating to Settings > About. If the version is below 1.2.42, you are vulnerable.
Check Version:
grep -r "KANBOARD_VERSION" /path/to/kanboard/ | head -1
Verify Fix Applied:
After upgrading, verify the version shows 1.2.42 or higher in Settings > About. Test file upload functionality to ensure path traversal attempts are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQLite database file modifications
- Multiple failed file access attempts with path traversal patterns
- Admin user uploading database files
Network Indicators:
- HTTP requests containing path traversal sequences in file download parameters
- Unusual file download patterns from Kanboard
SIEM Query:
source="web_server" AND (uri="*..*" OR uri="*/download*" OR (method="POST" AND uri="*/sqlite*" AND status=200))
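The indicators above can also be checked offline against web server access logs. The following is an added example, not code from the page or from the Kanboard project: it parses combined-format log lines, percent-decodes the URI (repeatedly, so double-encoded sequences are normalised), and flags parent-directory sequences in download requests and successful POSTs to a SQLite import endpoint. The sample log lines and the `/app/?action=...` routes are constructed for illustration and are not Kanboard's real URLs.

```python
import re
from urllib.parse import unquote

# Combined log format: client ident user [timestamp] "METHOD URI PROTO" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" '
                    r'(?P<status>\d{3}) \S+')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')  # parent-directory hop, checked after percent-decoding

# Constructed sample lines with hypothetical routes (not Kanboard's real URLs)
SAMPLE_LOG = """\
10.0.0.5 - admin [01/Jan/2025:10:00:01 +0000] "GET /app/?action=download&file_id=12 HTTP/1.1" 200 512
10.0.0.5 - admin [01/Jan/2025:10:00:09 +0000] "POST /app/?action=sqlite-import HTTP/1.1" 200 120
10.0.0.5 - admin [01/Jan/2025:10:00:15 +0000] "GET /app/?action=download&file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024
10.0.0.7 - - [01/Jan/2025:10:01:02 +0000] "GET /app/?action=download&file=%252e%252e%252fconfig.php HTTP/1.1" 404 0
10.0.0.9 - - [01/Jan/2025:10:02:00 +0000] "GET /app/?action=download&file=notes.txt HTTP/1.1" 200 77
"""

def fully_decode(uri: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences are normalised too."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line: str) -> list[str]:
    """Return the indicator names one access-log line matches (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    uri = fully_decode(m['uri'])
    found = []
    if TRAVERSAL_RE.search(uri):
        found.append('path_traversal_in_uri')
        if 'download' in uri.lower():
            found.append('traversal_in_download_parameter')
    if m['method'] == 'POST' and 'sqlite' in uri.lower() and m['status'] == '200':
        found.append('sqlite_database_upload')
    return found

def scan(log_text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client_ip, raw_uri, indicators) for every line matching at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        if found := classify(line):
            m = LOG_RE.match(line)
            hits.append((m['ip'], m['uri'], found))
    return hits
```

Calling `scan(SAMPLE_LOG)` reports three of the five constructed lines: the SQLite import POST, the single-encoded traversal in a download parameter, and the double-encoded one that a naive substring match on `..` would miss.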