Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for qdrant/qdrant by qdrant

    CVE-2024-3829 (GCVE-0-2024-3829)

    Vulnerability from nvd – Published: 2024-06-03 10:05 – Updated: 2025-10-15 12:50
    VLAI
    Title
    Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant
    Summary
    qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access
    Assigner
    Impacted products
    Vendor Product Version
    qdrant qdrant/qdrant Affected: unspecified , < v1.9.0 (custom)
    Create a notification for this product.
    qdrant qdrant Affected: 1.9.0-dev , < 1.9.0 (custom)
        cpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qdrant",
                "vendor": "qdrant",
                "versions": [
                  {
                    "lessThan": "1.9.0",
                    "status": "affected",
                    "version": "1.9.0-dev",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3829",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-03T13:33:51.539372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:32:29.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qdrant/qdrant",
              "vendor": "qdrant",
              "versions": [
                {
                  "lessThan": "v1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot\u0027s directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T12:50:23.630Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"
            },
            {
              "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"
            }
          ],
          "source": {
            "advisory": "abd9c906-75ee-4d84-b76d-ce1386401e08",
            "discovery": "EXTERNAL"
          },
          "title": "Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-3829",
        "datePublished": "2024-06-03T10:05:53.960Z",
        "dateReserved": "2024-04-15T15:42:20.597Z",
        "dateUpdated": "2025-10-15T12:50:23.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3584 (GCVE-0-2024-3584)

    Vulnerability from nvd – Published: 2024-05-30 12:33 – Updated: 2024-08-01 20:12
    VLAI
    Title
    Path Traversal in qdrant/qdrant
    Summary
    qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    qdrant qdrant/qdrant Affected: unspecified , < v1.9.0 (custom)
    Create a notification for this product.
    qdrant qdrant Affected: 0 , ≤ v1.9.0 (custom)
        cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qdrant",
                "vendor": "qdrant",
                "versions": [
                  {
                    "lessThanOrEqual": "v1.9.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3584",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-30T17:16:50.281555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T16:25:04.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:07.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qdrant/qdrant",
              "vendor": "qdrant",
              "versions": [
                {
                  "lessThan": "v1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T12:33:21.326Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"
            },
            {
              "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"
            }
          ],
          "source": {
            "advisory": "5c7c82e2-4873-40b7-a5f3-0f4a42642f73",
            "discovery": "EXTERNAL"
          },
          "title": "Path Traversal in qdrant/qdrant"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-3584",
        "datePublished": "2024-05-30T12:33:21.326Z",
        "dateReserved": "2024-04-10T14:03:16.284Z",
        "dateUpdated": "2024-08-01T20:12:07.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2221 (GCVE-0-2024-2221)

    Vulnerability from nvd – Published: 2024-04-10 17:07 – Updated: 2024-08-01 19:03
    VLAI
    Title
    Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant
    Summary
    qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    qdrant qdrant/qdrant Affected: unspecified , < 1.8.0 (custom)
    Create a notification for this product.
    qdrant qdrant Affected: 0 , ≤ 1.8.0 (custom)
        cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qdrant",
                "vendor": "qdrant",
                "versions": [
                  {
                    "lessThanOrEqual": "1.8.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2221",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-25T18:54:53.404384Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T18:57:15.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qdrant/qdrant",
              "vendor": "qdrant",
              "versions": [
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-16T11:10:29.349Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e"
            },
            {
              "url": "https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d"
            }
          ],
          "source": {
            "advisory": "6be8d4e3-67e6-4660-a8db-04215a1cff3e",
            "discovery": "EXTERNAL"
          },
          "title": "Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-2221",
        "datePublished": "2024-04-10T17:07:59.396Z",
        "dateReserved": "2024-03-06T13:38:49.690Z",
        "dateUpdated": "2024-08-01T19:03:39.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3829 (GCVE-0-2024-3829)

    Vulnerability from cvelistv5 – Published: 2024-06-03 10:05 – Updated: 2025-10-15 12:50
    VLAI
    Title
    Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant
    Summary
    qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access
    Assigner
    Impacted products
    Vendor Product Version
    qdrant qdrant/qdrant Affected: unspecified , < v1.9.0 (custom)
    Create a notification for this product.
    qdrant qdrant Affected: 1.9.0-dev , < 1.9.0 (custom)
        cpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qdrant",
                "vendor": "qdrant",
                "versions": [
                  {
                    "lessThan": "1.9.0",
                    "status": "affected",
                    "version": "1.9.0-dev",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3829",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-03T13:33:51.539372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:32:29.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qdrant/qdrant",
              "vendor": "qdrant",
              "versions": [
                {
                  "lessThan": "v1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot\u0027s directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T12:50:23.630Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"
            },
            {
              "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"
            }
          ],
          "source": {
            "advisory": "abd9c906-75ee-4d84-b76d-ce1386401e08",
            "discovery": "EXTERNAL"
          },
          "title": "Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-3829",
        "datePublished": "2024-06-03T10:05:53.960Z",
        "dateReserved": "2024-04-15T15:42:20.597Z",
        "dateUpdated": "2025-10-15T12:50:23.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3584 (GCVE-0-2024-3584)

    Vulnerability from cvelistv5 – Published: 2024-05-30 12:33 – Updated: 2024-08-01 20:12
    VLAI
    Title
    Path Traversal in qdrant/qdrant
    Summary
    qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    qdrant qdrant/qdrant Affected: unspecified , < v1.9.0 (custom)
    Create a notification for this product.
    qdrant qdrant Affected: 0 , ≤ v1.9.0 (custom)
        cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qdrant",
                "vendor": "qdrant",
                "versions": [
                  {
                    "lessThanOrEqual": "v1.9.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3584",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-30T17:16:50.281555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T16:25:04.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:07.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qdrant/qdrant",
              "vendor": "qdrant",
              "versions": [
                {
                  "lessThan": "v1.9.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T12:33:21.326Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"
            },
            {
              "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"
            }
          ],
          "source": {
            "advisory": "5c7c82e2-4873-40b7-a5f3-0f4a42642f73",
            "discovery": "EXTERNAL"
          },
          "title": "Path Traversal in qdrant/qdrant"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-3584",
        "datePublished": "2024-05-30T12:33:21.326Z",
        "dateReserved": "2024-04-10T14:03:16.284Z",
        "dateUpdated": "2024-08-01T20:12:07.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2221 (GCVE-0-2024-2221)

    Vulnerability from cvelistv5 – Published: 2024-04-10 17:07 – Updated: 2024-08-01 19:03
    VLAI
    Title
    Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant
    Summary
    qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    qdrant qdrant/qdrant Affected: unspecified , < 1.8.0 (custom)
    Create a notification for this product.
    qdrant qdrant Affected: 0 , ≤ 1.8.0 (custom)
        cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qdrant",
                "vendor": "qdrant",
                "versions": [
                  {
                    "lessThanOrEqual": "1.8.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2221",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-25T18:54:53.404384Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T18:57:15.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qdrant/qdrant",
              "vendor": "qdrant",
              "versions": [
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-16T11:10:29.349Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e"
            },
            {
              "url": "https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d"
            }
          ],
          "source": {
            "advisory": "6be8d4e3-67e6-4660-a8db-04215a1cff3e",
            "discovery": "EXTERNAL"
          },
          "title": "Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-2221",
        "datePublished": "2024-04-10T17:07:59.396Z",
        "dateReserved": "2024-03-06T13:38:49.690Z",
        "dateUpdated": "2024-08-01T19:03:39.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }