Lucene search

GoogleOSV:GHSA-XCR2-H8HV-6227

HistoryJun 02, 2024 - 10:30 p.m.

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

2024-06-0222:30:10

Google

osv.dev

qdrant

path traversal

snapshots upload

input validation

arbitrary file upload

system takeover

security vulnerability

version 1.9.0

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

References

github.com/qdrant/qdrant

github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a

huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

nvd.nist.gov/vuln/detail/CVE-2024-3584

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for OSV:GHSA-XCR2-H8HV-6227