CVE-2024-10831

Exploit

EPSS 0.22%
Veröffentlicht 20.03.2025 10:09:08
Zuletzt bearbeitet 17.07.2025 13:38:08
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the `file_key` and `doc_file.filename` parameters are user-controllable, enabling the construction of paths outside the intended directory. This can lead to overwriting essential system files, such as SSH keys, for further exploitation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dbgpt ≫ Db-gpt Version0.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

https://huntr.com/bounties/5c34c39f-66d4-414c-ab6a-f7888a5d882a

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-10831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10831

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10831