CVE-2024-3584

CVSS V2 None CVSS V3 None
Description
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
Overview
  • CVE ID
  • CVE-2024-3584
  • Assigner
  • @huntr_ai
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-05-30T12:33:21.326Z
  • Last Modified Date
  • 2024-05-30T12:33:21.326Z
History
Created Old Value New Value Data Type Notes
2024-06-23 22:54:15 Added to TrackCVE