CVE-2024-55603

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-55603

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55603.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-55603

Aliases

GHSA-gv5c-8pxr-p484

Downstream

DEBIAN-CVE-2024-55603

Published

2024-12-18T23:52:57.327Z

Modified

2025-12-05T07:34:30.497650Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Insufficient session invalidation in Kanboard

Details

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (app/Core/Session/SessionHandler.php), to store the session data in a database. Therefore, when a session_id is given, kanboard queries the data from the sessions sql table. At this point, it does not correctly verify, if a given session_id has already exceeded its lifetime (expires_at). Thus, a session which's lifetime is already > time(), is still queried from the database and hence a valid login. The implemented SessionHandlerInterface::gc function, that does remove invalid sessions, is called only with a certain probability (Cleans up expired sessions. Called by session_start(), based on session.gc_divisor, session.gc_probability and session.gc_maxlifetime settings) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gcprobability=1, session.gcdivisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-613"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/55xxx/CVE-2024-55603.json"
}

References

Affected packages

Git / github.com/kanboard/kanboard

Affected ranges

Type: GIT
Repo: https://github.com/kanboard/kanboard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e49e6968a587594ed62af193f639313293104e6a

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.19

v1.0.2

v1.0.20

v1.0.21

v1.0.22

v1.0.23

v1.0.24

v1.0.25

v1.0.26

v1.0.27

v1.0.28

v1.0.29

v1.0.3

v1.0.30

v1.0.31

v1.0.32

v1.0.33

v1.0.34

v1.0.35

v1.0.36

v1.0.37

v1.0.38

v1.0.39

v1.0.4

v1.0.40

v1.0.41

v1.0.42

v1.0.43

v1.0.44

v1.0.45

v1.0.46

v1.0.47

v1.0.48

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.2

v1.2.20

v1.2.21

v1.2.22

v1.2.23

v1.2.24

v1.2.25

v1.2.26

v1.2.27

v1.2.28

v1.2.29

v1.2.3

v1.2.30

v1.2.31

v1.2.32

v1.2.33

v1.2.34

v1.2.35

v1.2.36

v1.2.37

v1.2.38

v1.2.39

v1.2.4

v1.2.40

v1.2.41

v1.2.42

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55603.json"