Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-accessible endpoint requires low-privilege authentication; path traversal yields only file read with no write or availability impact.
Primary rating from Vendor (zdi).
CVSS VectorVendor: zdi
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the exportReport method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-28208.
AnalysisAI
Directory traversal in Allegra's exportReport method exposes arbitrary server-side files to authenticated remote attackers, operating in the context of the underlying service account. The flaw affects all tracked versions per the CPE wildcard (cpe:2.3:a:allegra:allegra:*), with Alltena's 9.0.0 release notes referencing the fix. No public exploit code or CISA KEV listing has been identified at time of analysis, and no EPSS data was provided, but the CVSS 6.5 rating reflects a meaningful confidentiality risk for any internet-facing Allegra deployment where user accounts may be broadly provisioned.
Technical ContextAI
Allegra is a project and issue tracking platform developed by Alltena. The vulnerability resides in the exportReport method, which accepts a user-supplied path parameter and passes it to file system operations without sanitizing directory traversal sequences (e.g., '../'). This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) flaw. The CPE string cpe:2.3:a:allegra:allegra:*:*:*:*:*:*:*:* with a wildcard version component indicates all releases prior to the fix are affected. Because the read operation executes as the service account, the breadth of disclosure depends on the OS-level permissions of that account - potentially exposing configuration files, credentials, private keys, or other application data on the host.
RemediationAI
The primary remediation is to upgrade Allegra to version 9.0.0 or later, as indicated by the Alltena release notes at https://alltena.com/en/resources/release-notes/release-notes-for-release-9-0-0/. The fix version is inferred from the advisory reference and has not been independently verified as explicitly patching this CVE - administrators should confirm with Alltena support. If immediate upgrade is not possible, restrict access to the exportReport functionality at the network or application layer by limiting which user roles or groups can invoke report export operations. Additionally, running the Allegra service under a least-privilege OS account (rather than a broad service account) will reduce the blast radius of any traversal by limiting which files on the host are readable. Placing Allegra behind an authenticated reverse proxy with strict access controls for external users adds a compensating layer but does not eliminate the flaw for insider threat scenarios.
Allegra project tracking software contains an authentication bypass in the password recovery token generation. Unauthent
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerab
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVS
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3)
Cross-site scripting in Allegra's downloadAttachment method enables authenticated remote attackers to inject and execute
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this v
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36633
GHSA-p625-mq37-453v