Lucene search

GitHub Advisory DatabaseGHSA-XCR2-H8HV-6227

HistoryJun 02, 2024 - 10:30 p.m.

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

2024-06-0222:30:10

CWE-20

GitHub Advisory Database

github.com

qdrant

software

path traversal

input validation

arbitrary file upload

system takeover

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

Affected configurations

Vulners

Node

qdrantqdrantMatch1.9.0-dev

VendorProductVersionCPE
qdrantqdrant1.9.0-devcpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qdrant	qdrant	1.9.0-dev	cpe:2.3:a:qdrant:qdrant:1.9.0-dev:::::::*

References

github.com/advisories/GHSA-xcr2-h8hv-6227

github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a

huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

nvd.nist.gov/vuln/detail/CVE-2024-3584

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for GHSA-XCR2-H8HV-6227