Launchpad.net

CVE 2017-15205

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

See the CVE page on Mitre.org for more details.