Qdrant
CVE-2024-3584
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
AnalysisAI
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-20. qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0. Affected products include: Qdrant. Version information: version 1.9.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTIO
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Rat
Arbitrary file append vulnerability in Qdrant vector database versions 1.9.3 through 1.15.x allows authenticated users w
* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_ve
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical.rs of the component Full Snapshot
Same weakness CWE-20 – Improper Input Validation
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today