CVERadar

CVE-2024-55603

Medium Severity
Kanboard
SVRS
30/100

CVSSv3
6.5/10

EPSS
0.00042/1

CVE-2024-55603 is a session management vulnerability in Kanboard, a project management software. This flaw allows sessions to remain active and usable even after their intended lifetime has expired, posing a security risk. While the CVSS score is 6.5, the SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates a relatively low level of active exploitation or threat actor interest at this time. The issue stems from a failure to properly validate session expiry within Kanboard's custom session handler, resulting in potentially unauthorized access for a limited period. While session garbage collection exists, it operates with a low probability, meaning expired sessions may persist. Upgrade to version 1.2.43 to mitigate this session expiry issue and ensure proper access control. The software maintainers strongly encourage upgrading to the newest version.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2024-12-19
2025-03-12

SOCRadar AI Insight

Description

CVE-2024-55603 is a vulnerability in Kanboard, a project management software that utilizes the Kanban methodology. The issue stems from the improper handling of session lifetimes. Kanboard fails to adequately check if a session's lifetime has expired, allowing sessions to persist even after their expiration date. This is further exacerbated by the fact that the session garbage collection function is only executed with a low probability (1/1000) in the official Docker image, potentially leaving expired sessions active for extended periods.

SVRS: 42

The SVRS score of 42 indicates that while this vulnerability is not considered critically urgent, it still presents a significant security risk. It requires attention and timely mitigation to prevent potential exploitation.

Key Insights

  • Persistence of Expired Sessions: The vulnerability allows attackers to potentially hijack expired sessions, gaining access to sensitive data and functionality within the Kanboard application.
  • Low Probability of Garbage Collection: The infrequent session garbage collection increases the window of opportunity for attackers to exploit the vulnerability, as expired sessions might remain active for extended periods.
  • Potential for Privilege Escalation: An attacker could potentially escalate their privileges by gaining control of an expired session belonging to a user with higher permissions.
  • No Known Workarounds: Currently, there are no known workarounds for this vulnerability. The only recommended solution is to upgrade to Kanboard version 1.2.43 or later.

Mitigation Strategies

  • Immediate Upgrade: The most effective mitigation strategy is to immediately upgrade to Kanboard version 1.2.43 or later. This update addresses the vulnerability and ensures proper session lifetime management.
  • Increase Session Garbage Collection Frequency: If upgrading is not immediately feasible, consider increasing the session garbage collection frequency by adjusting the session.gc_probability and session.gc_divisor settings in the PHP configuration. This will increase the likelihood of expired sessions being removed.
  • Implement Strong Authentication Practices: Employ robust authentication mechanisms, such as two-factor authentication (2FA), to further protect against unauthorized access even if an expired session is compromised.
  • Regular Security Audits: Conduct regular security audits to identify and address any potential vulnerabilities, including those related to session management.
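As an added illustration (not Kanboard's code and not the 1.2.43 fix itself), the following PHP `SessionHandlerInterface` implementation shows the two controls described above: `read()` validates the session lifetime on every request instead of relying on the collector, and `gc_probability`/`gc_divisor` are set so `gc()` runs on every request rather than 1 in 1000. The storage directory and the 3600-second lifetime are assumed values.

```php
<?php
// Illustrative example added here, not Kanboard's own code: a file-backed custom
// session handler whose read() enforces the lifetime itself, so an expired session
// is rejected even when PHP's probabilistic garbage collector has not run yet.
declare(strict_types=1);

final class ExpiringSessionHandler implements SessionHandlerInterface
{
    public function __construct(private string $dir, private int $maxLifetime) {}
    public function open(string $path, string $name): bool { return is_dir($this->dir) || mkdir($this->dir, 0700, true); }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $file = $this->path($id);
        if (!is_file($file)) {
            return '';
        }
        // The weak pattern this CVE describes returns the data whenever the file exists.
        // Hardened: a session idle longer than maxLifetime is removed here and now,
        // rather than waiting for gc() to be selected by gc_probability/gc_divisor.
        if (filemtime($file) + $this->maxLifetime < time()) {
            unlink($file);
            return '';
        }
        return (string) file_get_contents($file);
    }
    public function write(string $id, string $data): bool { return file_put_contents($this->path($id), $data, LOCK_EX) !== false; }
    public function destroy(string $id): bool { return !is_file($this->path($id)) || unlink($this->path($id)); }
    public function gc(int $max_lifetime): int|false
    {
        $expired = array_filter(glob($this->dir . '/sess_*') ?: [],
            fn (string $f): bool => filemtime($f) + $max_lifetime < time());
        return count(array_filter($expired, 'unlink'));
    }
    private function path(string $id): string
    {
        // Only the characters PHP generates for ids, so the path stays inside $dir.
        if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
            throw new InvalidArgumentException('invalid session id');
        }
        return $this->dir . '/sess_' . $id;
    }
}

// Defence in depth: run the collector on every request instead of 1 in 1000 (assumed values).
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '1');
session_set_save_handler(new ExpiringSessionHandler('/tmp/app_sessions', 3600), true);
session_start();
```

The expiry check in `read()` is what closes the window: even with the default collector odds, a stale session file is never handed back to the application.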

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-55603 | Kanban up to 1.2.42 SessionHandler.php session expiration (GHSA-gv5c-8pxr-p484)
vuldb.com, 2025-03-13
CVE-2024-55603 | Kanban up to 1.2.42 SessionHandler.php session expiration (GHSA-gv5c-8pxr-p484) | A vulnerability, which was classified as problematic, has been found in Kanban up to 1.2.42. Affected by this issue is some unknown functionality of the file app/Core/Session/SessionHandler.php. The manipulation leads to session expiration. This vulnerability is handled as CVE-2024-55603. The attack may be launched remotely. There is no

Social Media

CVE-2024-55603 Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded… https://t.co/bcX8BJaf5o

Affected Software

Configuration 1

Type | Vendor   | Product
App  | Kanboard | kanboard

References

Reference         | Link
[email protected] | https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40
[email protected] | https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78
[email protected] | https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484
[email protected] | https://www.php.net/manual/en/function.session-start.php
[email protected] | https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor
[email protected] | https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime
[email protected] | https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability
[email protected] | https://www.php.net/manual/en/sessionhandlerinterface.gc.php
GITHUB            | https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484

CWE Details

CWE ID  | CWE Name                        | Description
CWE-613 | Insufficient Session Expiration | According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.
