Tgstation · Tgstation-Server · CVE-2020-16136
**Name of the Vulnerable Software and Affected Versions**
tgstation-server versions 4.4.0 through 4.4.1
**Description**
The issue allows an authenticated user with log download permissions to access any file on the server machine using directory traversal sequences in /Administration/Logs/ requests. However, the attacker cannot enumerate files.
**Recommendations**
For tgstation-server versions 4.4.0 and 4.4.1, consider restricting access to the /Administration/Logs/ endpoint until a fix is available, and limit file system access for the server process to minimize potential damage.
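While access to the endpoint is restricted, existing reverse-proxy access logs can be reviewed for traversal sequences in /Administration/Logs/ requests. The following is an added example, not code from the advisory or from the tgstation-server project; the combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory, lowercased for case-insensitive comparison.
LOGS_PREFIX = "/administration/logs/"
# Assumed access-log layout: ... "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(target):
    """True if a request to the log endpoint carries a '..' path segment."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(LOGS_PREFIX):
        return False
    remainder = path[len(LOGS_PREFIX):]
    return ".." in remainder.split("/")

def flag_requests(lines):
    """Return (line_number, status, target) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal(match["target"]):
            hits.append((number, int(match["status"]), match["target"]))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2020:10:00:00 +0000] "GET /Administration/Logs/tgs-20200801.log HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Aug/2020:10:02:11 +0000] "GET /Administration/Logs/..%2F..%2Foutside.txt HTTP/1.1" 200 811',
    '10.0.0.9 - - [01/Aug/2020:10:02:40 +0000] "GET /Administration/Logs/%252e%252e%255coutside.txt HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Aug/2020:10:05:00 +0000] "GET /Administration HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, status, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: status {status}: {target}")
```

A flagged request with a 200 status is the one to follow up on first, since it indicates the server returned content for a path outside the log directory.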