Lucene search

GoogleOSV:CVE-2024-3584

HistoryMay 30, 2024 - 1:15 p.m.

CVE-2024-3584

2024-05-3013:15:49

Google

osv.dev

qdrant software

path traversal

input validation

file upload

system takeover

security vulnerability

version 1.9.0 fix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

CPENameOperatorVersion
qdranteq0.3.5
qdranteq0.8.5
qdranteq0.3.6
qdranteq0.4.0
qdranteq0.8.1
qdranteq0.10.2
qdranteq0.3.0
qdranteq0.3.2
qdranteq0.8.2
qdranteq0.8.6

Name	Operator	Version
qdrant	eq	0.3.5
qdrant	eq	0.8.5
qdrant	eq	0.3.6
qdrant	eq	0.4.0
qdrant	eq	0.8.1
qdrant	eq	0.10.2
qdrant	eq	0.3.0
qdrant	eq	0.3.2
qdrant	eq	0.8.2
qdrant	eq	0.8.6

Rows per page:

1-10 of 301

References

github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a

huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for OSV:CVE-2024-3584