OpenCVE

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a
https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-30T12:33:21.326Z

Updated: 2024-08-01T20:12:07.892Z

Reserved: 2024-04-10T14:03:16.284Z

Link: CVE-2024-3584

Vulnrichment

Updated: 2024-08-01T20:12:07.892Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T13:15:49.947

Modified: 2024-11-21T09:29:55.687

Link: CVE-2024-3584

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3584", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-10T14:03:16.284Z", "datePublished": "2024-05-30T12:33:21.326Z", "dateUpdated": "2024-08-01T20:12:07.892Z"}, "containers": {"cna": {"title": "Path Traversal in qdrant/qdrant", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-30T12:33:21.326Z"}, "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."}], "affected": [{"vendor": "qdrant", "product": "qdrant/qdrant", "versions": [{"version": "unspecified", "lessThan": "v1.9.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"advisory": "5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "qdrant", "product": "qdrant", "cpes": ["cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "v1.9.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-30T17:16:50.281555Z", "id": "CVE-2024-3584", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T16:25:04.223Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.892Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "tags": ["x_transferred"]}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "tags": ["x_transferred"]}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.892Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3584", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-30T17:16:50.281555Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"], "vendor": "qdrant", "product": "qdrant", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v1.9.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-30T17:29:59.371Z"}}], "cna": {"title": "Path Traversal in qdrant/qdrant", "source": {"advisory": "5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "qdrant", "product": "qdrant/qdrant", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v1.9.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}], "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-30T12:33:21.326Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3584", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:07.892Z", "dateReserved": "2024-04-10T14:03:16.284Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-05-30T12:33:21.326Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."}, {"lang": "es", "value": "qdrant/qdrant versi\u00f3n 1.9.0-dev es vulnerable al path traversal debido a una validaci\u00f3n de entrada incorrecta en el endpoint `/collections/{name}/snapshots/upload`. Al manipular el par\u00e1metro \"nombre\" a trav\u00e9s de la codificaci\u00f3n URL, un atacante puede cargar un archivo en una ubicaci\u00f3n arbitraria del sistema, como \"/root/poc.txt\". Esta vulnerabilidad permite escribir y sobrescribir archivos arbitrarios en el servidor, lo que podr\u00eda llevar a una toma total del sistema. El problema se solucion\u00f3 en la versi\u00f3n 1.9.0."}], "id": "CVE-2024-3584", "lastModified": "2024-11-21T09:29:55.687", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-05-30T13:15:49.947", "references": [{"source": "security@huntr.dev", "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@huntr.dev", "type": "Secondary"}]}