Lucene search

[email protected]CVE-2024-3584

HistoryMay 30, 2024 - 1:15 p.m.

CVE-2024-3584

2024-05-3013:15:49

CWE-20

[email protected]

web.nvd.nist.gov

qdrant version 1.9.0-dev

path traversal

improper input validation

collections

snapshots upload

url encoding

arbitrary location

system takeover

vulnerability fixed

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

CNA Affected

[
  {
    "vendor": "qdrant",
    "product": "qdrant/qdrant",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "v1.9.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a

huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-3584

cvelist1 osv2 nvd1 github1