Lucene search

[email protected]CVE-2024-3078

HistoryMar 29, 2024 - 1:15 p.m.

CVE-2024-3078

2024-03-2913:15:16

CWE-22

[email protected]

web.nvd.nist.gov

qdrant

full snapshot rest api

path traversal

component upgrade

file manipulation

path traversal

version 1.8.3

patch

vdb-258611

nvd

critical vulnerability

5.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.5 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.1%

JSON

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611.

VendorProductVersionCPE
qdrantqdrant1.6.0cpe:2.3:a:qdrant:qdrant:1.6.0:*:*:*:*:*:*:*
qdrantqdrant1.6.1cpe:2.3:a:qdrant:qdrant:1.6.1:*:*:*:*:*:*:*
qdrantqdrant1.7.0cpe:2.3:a:qdrant:qdrant:1.7.0:*:*:*:*:*:*:*
qdrantqdrant1.7.1cpe:2.3:a:qdrant:qdrant:1.7.1:*:*:*:*:*:*:*
qdrantqdrant1.7.2cpe:2.3:a:qdrant:qdrant:1.7.2:*:*:*:*:*:*:*
qdrantqdrant1.7.3cpe:2.3:a:qdrant:qdrant:1.7.3:*:*:*:*:*:*:*
qdrantqdrant1.7.4cpe:2.3:a:qdrant:qdrant:1.7.4:*:*:*:*:*:*:*
qdrantqdrant1.8.0cpe:2.3:a:qdrant:qdrant:1.8.0:*:*:*:*:*:*:*
qdrantqdrant1.8.1cpe:2.3:a:qdrant:qdrant:1.8.1:*:*:*:*:*:*:*
qdrantqdrant1.8.2cpe:2.3:a:qdrant:qdrant:1.8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qdrant	qdrant	1.6.0	cpe:2.3:a:qdrant:qdrant:1.6.0:::::::*
qdrant	qdrant	1.6.1	cpe:2.3:a:qdrant:qdrant:1.6.1:::::::*
qdrant	qdrant	1.7.0	cpe:2.3:a:qdrant:qdrant:1.7.0:::::::*
qdrant	qdrant	1.7.1	cpe:2.3:a:qdrant:qdrant:1.7.1:::::::*
qdrant	qdrant	1.7.2	cpe:2.3:a:qdrant:qdrant:1.7.2:::::::*
qdrant	qdrant	1.7.3	cpe:2.3:a:qdrant:qdrant:1.7.3:::::::*
qdrant	qdrant	1.7.4	cpe:2.3:a:qdrant:qdrant:1.7.4:::::::*
qdrant	qdrant	1.8.0	cpe:2.3:a:qdrant:qdrant:1.8.0:::::::*
qdrant	qdrant	1.8.1	cpe:2.3:a:qdrant:qdrant:1.8.1:::::::*
qdrant	qdrant	1.8.2	cpe:2.3:a:qdrant:qdrant:1.8.2:::::::*

References

github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62

github.com/qdrant/qdrant/pull/3856

github.com/qdrant/qdrant/releases/tag/v1.8.3

vuldb.com/?ctiid.258611

vuldb.com/?id.258611

5.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.5 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.1%

JSON

Related for CVE-2024-3078

osv1 cvelist1