4Gaboards
Monthly
Path traversal in 4ga Boards before 3.3.5 allows authenticated users with board import privileges to force the server to read and expose arbitrary local files as board attachments during BOARDS archive import. Attackers can then download sensitive host files (configuration files, credentials, application source code) through the normal download interface. CVSS score of 7.6 reflects high confidentiality impact with low integrity/availability impact. No public exploit code or active exploitation confirmed at time of analysis, though the attack technique is straightforward for authenticated insiders.
4ga Boards prior to version 3.3.5 leaks valid usernames and email addresses through response timing analysis on the login endpoint. An unauthenticated attacker can distinguish between invalid credentials (where the username/email does not exist) and valid credentials with an incorrect password by measuring response times, with a ~4.4× timing difference detectable in a single request over the network. This enables user enumeration attacks without brute-force constraints, allowing reconnaissance for subsequent account takeover attempts.
Path traversal in 4ga Boards before 3.3.5 allows authenticated users with board import privileges to force the server to read and expose arbitrary local files as board attachments during BOARDS archive import. Attackers can then download sensitive host files (configuration files, credentials, application source code) through the normal download interface. CVSS score of 7.6 reflects high confidentiality impact with low integrity/availability impact. No public exploit code or active exploitation confirmed at time of analysis, though the attack technique is straightforward for authenticated insiders.
4ga Boards prior to version 3.3.5 leaks valid usernames and email addresses through response timing analysis on the login endpoint. An unauthenticated attacker can distinguish between invalid credentials (where the username/email does not exist) and valid credentials with an incorrect password by measuring response times, with a ~4.4× timing difference detectable in a single request over the network. This enables user enumeration attacks without brute-force constraints, allowing reconnaissance for subsequent account takeover attempts.