6.4

CVE-2025-55011

Exploit

Kanboard Path Traversal in File Write via Task File Upload Api

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KanboardKanboard Version < 1.2.47
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.241
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com 6.4 3.1 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
Third Party Advisory
Exploit
https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681
Patch
https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57
Product