CVE-2024-3584
CVSS V2 None
CVSS V3 None
Description
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
Overview
- CVE ID
- CVE-2024-3584
- Assigner
- @huntr_ai
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-30T12:33:21.326Z
- Last Modified Date
- 2024-05-30T12:33:21.326Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-3584 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3584 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-23 22:54:15 | Added to TrackCVE |