CVE-2024-55603

6.5 MEDIUM

📋 TL;DR

Kanboard's custom database session handler did not enforce a session's expiry itself; it relied on PHP's periodic session garbage collection to delete expired rows, so a session ID stayed usable past its expires_at until gc() happened to run. An attacker holding a stolen or expired session ID can therefore keep using it to access the account. All versions before 1.2.43 are affected; 1.2.43 adds the missing expiration check to the session handler.

💻 Affected Systems

Products:
  • Kanboard
Versions: All versions before 1.2.43
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The official Docker image ships PHP's default garbage collection settings (session.gc_probability=1, session.gc_divisor=1000), so the handler's gc() runs on roughly one request in a thousand; on a lightly used instance an expired row can survive for days. Versions before 1.2.43 enforce expiry only through that gc() pass, not when the session is read.
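To make the failure mode concrete, here is an added Python model written for this page (it is not Kanboard's PHP code): a database-backed session handler whose vulnerable read() treats any row that still exists as a live session and leaves expiry to a gc() that PHP invokes on about gc_probability/gc_divisor of session starts, next to a fixed read() that checks expires_at on every read. The in-memory store, the "stolen-sid" identifier, the one-hour lifetime and the request counts are all constructed for the demonstration.

```python
"""Added model of CVE-2024-55603 (illustration, not Kanboard's code): a DB-backed
session handler whose read() trusts row existence and relies on probabilistic gc()."""
import random
from dataclasses import dataclass, field

GC_PROBABILITY = 1   # session.gc_probability as the Docker image ships it (per the advisory)
GC_DIVISOR = 1000    # session.gc_divisor: gc() runs on ~0.1% of session_start() calls


@dataclass
class SessionStore:
    """Stand-in for the sessions table: sid -> (expires_at, data).
    `now` is an injectable clock in seconds so the example is deterministic."""
    rows: dict = field(default_factory=dict)
    now: int = 0

    def write(self, sid, data, lifetime):
        # Each request rewrites the row and pushes expires_at forward.
        self.rows[sid] = (self.now + lifetime, data)

    def gc(self):
        """What the handler's gc() does: delete rows whose expires_at has passed."""
        expired = [sid for sid, (exp, _) in self.rows.items() if exp < self.now]
        for sid in expired:
            del self.rows[sid]
        return len(expired)


def read_vulnerable(store, sid):
    """Shape of the bug before 1.2.43: a row that still exists is a live session,
    whatever expires_at says. Expiry only takes effect once gc() runs."""
    row = store.rows.get(sid)
    return row[1] if row else None


def read_fixed(store, sid):
    """Expiry enforced on the read path, independent of whether gc() has run."""
    row = store.rows.get(sid)
    if row is None or row[0] < store.now:
        return None
    return row[1]


def replay_after_expiry(read, requests=1000, gc_on_request=None, seed=None):
    """Replay a long-expired session cookie `requests` times and count how many
    replays are accepted. With gc_on_request set, gc() runs before exactly that
    request (deterministic); otherwise it fires with PHP's default 1/1000
    probability per request, like the real deployment."""
    rng = random.Random(seed)
    store = SessionStore()
    store.write("stolen-sid", {"user_id": 7}, lifetime=3600)  # constructed session
    store.now = 24 * 3600                                     # a day later: long expired
    accepted = 0
    for i in range(requests):
        if gc_on_request is not None:
            gc_now = i == gc_on_request
        else:
            gc_now = rng.randrange(GC_DIVISOR) < GC_PROBABILITY
        if gc_now:
            store.gc()
        if read(store, "stolen-sid") is not None:
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("vulnerable, gc on request 500:", replay_after_expiry(read_vulnerable, gc_on_request=500))
    print("fixed, gc on request 500:     ", replay_after_expiry(read_fixed, gc_on_request=500))
    print("vulnerable, random gc:        ", replay_after_expiry(read_vulnerable, seed=1))
```

The random mode mirrors the deployment: on a quiet instance with few session starts, a great many requests can pass before gc() ever fires, which is why "expired" rows linger. Raising the gc rate only shrinks that window; the read-path check is what closes it.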

📦 What is this software?

Kanboard is an open-source, self-hosted Kanban project management web application written in PHP, typically run on a LAMP-style stack or from the official Docker image.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who obtains a session ID keeps access to the account long after the session should have expired, for as long as the row survives garbage collection. That allows data theft and unauthorized changes to projects and tasks, and if the session belongs to an administrator, control over users and settings.

🟠 Likely Case

Session hijacking in which a stolen session ID is replayed beyond its intended lifetime to access a user's account.

🟢 If Mitigated

With 1.2.43 deployed, an expired ID is rejected on the next request. With only the garbage-collection workaround in place, a stolen ID remains usable until the next gc() run and, on any version, for the remainder of its legitimate lifetime.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No (a valid session ID must be obtained first)
Complexity: LOW

Exploitation requires a session ID obtained by other means (XSS, interception of unencrypted traffic, a cookie copied from a shared workstation). Once obtained, reuse is a normal request with the cookie attached, and the ID keeps working after it should have expired.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.43

Vendor Advisory: https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484

Restart Required: Yes (restart PHP-FPM or the web server so a PHP opcode cache does not keep serving the old files)

Instructions:

1. Back up the Kanboard installation directory and the database.
2. Download Kanboard 1.2.43 or later from the official release channel (GitHub releases or the official Docker image).
3. Replace the existing files with the new version, keeping the data/ directory and config.php.
4. Invalidate sessions issued by the vulnerable version on the server side (for example, empty the sessions table) so that every user logs in again; clearing browser cookies alone does not remove the server-side rows.
5. Restart PHP-FPM or the web server.

🔧 Temporary Workarounds

Manual session cleanup (platform: all)

Purge expired rows from the sessions table and raise the PHP garbage collection rate so that the handler's gc() runs on every request instead of roughly one in a thousand. expires_at is a Unix timestamp, so the purge is the same comparison for each supported database:

-- MySQL / MariaDB
DELETE FROM sessions WHERE expires_at < UNIX_TIMESTAMP();
-- PostgreSQL
DELETE FROM sessions WHERE expires_at < EXTRACT(EPOCH FROM NOW());
-- SQLite
DELETE FROM sessions WHERE expires_at < CAST(strftime('%s', 'now') AS INTEGER);

In php.ini (or the php-fpm pool / .user.ini override that applies to Kanboard):
session.gc_probability = 1
session.gc_divisor = 1

Running session_gc() from the command line (php -r "session_start(); session_gc();") does not help: the CLI process uses PHP's default file-based session handler, not Kanboard's database handler, so it never touches the sessions table. Forcing gc on every request costs one DELETE per request and is a stop-gap until 1.2.43 is deployed; a stolen ID is still usable within its lifetime.

🧯 If You Can't Patch

  • Alert on session cookies that are accepted again after an idle gap longer than the session lifetime, or that reappear from a new source address
  • Shorten the session lifetime, force garbage collection on every request (see the workaround above), and require re-authentication for sensitive actions
  • Serve Kanboard only over HTTPS with Secure and HttpOnly session cookies, so that session IDs are harder to obtain in the first place

🔍 How to Verify

Check if Vulnerable:

Any version below 1.2.43 is affected. Read the version from Settings > About in the web UI, or from the source tree:

Check Version:

grep APP_VERSION app/constants.php

Verify Fix Applied:

Confirm the version is 1.2.43 or later, then test the behaviour directly: log in, note the session cookie, force that row past its expiry in the database (UPDATE sessions SET expires_at = 0 WHERE id = '<cookie value>', where id holds the session ID), and replay a request with the cookie. A fixed instance redirects to the login page; a vulnerable one serves the page as the logged-in user until garbage collection happens to remove the row.

📡 Detection & Monitoring

Log Indicators:

  • A session cookie that is accepted again (HTTP 200 rather than a redirect to the login page) after being idle for longer than the configured session lifetime
  • The same session cookie active over a span far longer than the session lifetime, especially from a new client IP or User-Agent

Network Indicators:

  • The same session cookie value seen in requests spread over hours or days, or arriving from more than one source address

SIEM Query:

Kanboard's own application log does not record session IDs, so the query has to run against web-server access logs with the session cookie (or, better, a truncated hash of it) added to the log format. Splunk-style sketch; the field names depend on how the access log is parsed:

index=web sourcetype=nginx:access app=kanboard
| stats min(_time) AS first_seen max(_time) AS last_seen dc(src_ip) AS ips BY session_id
| where last_seen - first_seen > 3600 OR ips > 1
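As an added example written for this page (not code from Kanboard or the advisory), the following Python hunts for the first indicator in web-server access logs. It assumes an access log format that appends the session cookie as sid=<value> at the end of each line, a one-hour session lifetime, and uses constructed log lines; the controller names in the request URLs and the IP addresses are illustrative.

```python
"""Added detection example for expired-session reuse (not Kanboard code).
Assumes an nginx/Apache access log whose format appends `sid=<cookie>`."""
import re
from datetime import datetime, timedelta

# Constructed sample: two browsers on the LAN, then the first cookie reused
# from an outside address more than five hours after its last activity.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [12/Dec/2024:10:00:00 +0000] "GET /?controller=DashboardController&action=show HTTP/1.1" 200 5120 sid=a1b2c3
10.0.0.5 - - [12/Dec/2024:10:20:00 +0000] "GET /?controller=BoardViewController&action=show&project_id=1 HTTP/1.1" 200 8192 sid=a1b2c3
10.0.0.9 - - [12/Dec/2024:10:05:00 +0000] "GET /?controller=DashboardController&action=show HTTP/1.1" 200 5120 sid=d4e5f6
10.0.0.9 - - [12/Dec/2024:10:50:00 +0000] "POST /?controller=TaskModificationController&action=update HTTP/1.1" 302 0 sid=d4e5f6
198.51.100.7 - - [12/Dec/2024:15:45:00 +0000] "GET /?controller=DashboardController&action=show HTTP/1.1" 200 5120 sid=a1b2c3
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ sid=(?P<sid>\S+)$'
)


def parse_access_log(lines):
    """Yield (sid, timestamp, ip, status, request) for lines that match; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["sid"], ts, m["ip"], int(m["status"]), m["req"]


def find_expired_reuse(lines, lifetime_seconds=3600):
    """Flag requests where a session cookie reappears after being idle longer
    than the session lifetime. On a fixed server such a request should be
    answered with a redirect to the login page; a 200 here means the stale
    cookie was still honoured."""
    lifetime = timedelta(seconds=lifetime_seconds)
    events = sorted(parse_access_log(lines), key=lambda e: (e[0], e[1]))
    last_seen = {}   # sid -> (timestamp, ip) of the previous request
    findings = []
    for sid, ts, ip, status, req in events:
        prev = last_seen.get(sid)
        if prev is not None and ts - prev[0] > lifetime:
            findings.append({
                "sid": sid,
                "idle_seconds": int((ts - prev[0]).total_seconds()),
                "previous_ip": prev[1],
                "ip": ip,
                "ip_changed": ip != prev[1],
                "status": status,
                "request": req,
            })
        last_seen[sid] = (ts, ip)
    return findings


if __name__ == "__main__":
    for finding in find_expired_reuse(SAMPLE_ACCESS_LOG.splitlines()):
        print(finding)
```

Writing the raw session ID into access logs creates a second place it can be stolen from; log a truncated hash instead and key the analysis on that. A legitimate user who returns to an open tab after a long break trips this rule too, which is the point: on 1.2.43 that request is answered with a login redirect, so a 200 after an idle gap longer than the lifetime is the signal worth alerting on.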

🔗 References

  • Vendor advisory: https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55603
