{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T13:04:29.190","vulnerabilities":[{"cve":{"id":"CVE-2025-55011","sourceIdentifier":"security-advisories@github.com","published":"2025-08-12T16:15:28.700","lastModified":"2025-08-22T17:15:47.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47."},{"lang":"es","value":"Kanboard es un software de gestión de proyectos basado en la metodología Kanban. Antes de la versión 1.2.47, el método createTaskFile de la API no validaba si el parámetro task_id era un ID de tarea válido ni verificaba path traversal. Por lo tanto, un usuario malicioso podría escribir un archivo en cualquier parte del sistema que controle el usuario de la aplicación. El impacto es limitado debido a que el nombre del archivo está codificado y no tiene extensión. Este problema se ha corregido en la versión 1.2.47."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.47","matchCriteriaId":"8725B482-0964-41C2-9E52-AB3DB5BE0976"}]}]}],"references":[{"url":"https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}