Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
7DescriptionGitHub Advisory
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. This vulnerability is fixed in 3.3.5.
AnalysisAI
Path traversal in 4ga Boards before 3.3.5 allows authenticated users with board import privileges to force the server to read and expose arbitrary local files as board attachments during BOARDS archive import. Attackers can then download sensitive host files (configuration files, credentials, application source code) through the normal download interface. CVSS score of 7.6 reflects high confidentiality impact with low integrity/availability impact. No public exploit code or active exploitation confirmed at time of analysis, though the attack technique is straightforward for authenticated insiders.
Technical ContextAI
4ga Boards is a realtime project management application. The vulnerability stems from insufficient path validation (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) in the BOARDS archive import functionality. When processing imported archives containing attachment references, the application fails to sanitize file paths, allowing directory traversal sequences (e.g., '../../../etc/passwd'). The server processes these malicious paths during import, reads files from arbitrary filesystem locations, and stores them as legitimate board attachments. This converts a path traversal flaw into a persistent file disclosure mechanism, as the exfiltrated files become accessible through the application's standard attachment download API without requiring repeated exploitation.
RemediationAI
Upgrade to 4ga Boards version 3.3.5 or later, which contains the vendor-released patch for this path traversal vulnerability. The fix is confirmed in the GitHub security advisory at https://github.com/RARgames/4gaBoards/security/advisories/GHSA-rrjq-7x8g-cmgm. If immediate patching is not feasible, implement temporary compensating controls: restrict board import privileges to only highly trusted administrators (reduces attack surface but does not eliminate risk from compromised admin accounts), run the 4ga Boards application process with minimal filesystem permissions using a dedicated service account with read access only to required directories (limits blast radius of file disclosure), deploy mandatory code review or automated scanning of all BOARDS archives before import (adds operational overhead and may miss obfuscated traversal sequences), and monitor server logs for import operations containing directory traversal patterns like '../' in attachment paths (detection-only control, does not prevent exploitation). These workarounds provide defense-in-depth but do not fully mitigate the vulnerability; upgrading to 3.3.5 is the only complete solution.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25613