CVE-2024-10831 CRITICAL

CVE-2024-10831: Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt

Vendor Eosphoros-Ai
Product eosphoros-ai/db-gpt
Weakness CWE-36
Published March 20, 2025
Last update March 20, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the `file_key` and `doc_file.filename` parameters are user-controllable, enabling the construction of paths outside the intended directory. This can lead to overwriting essential system files, such as SSH keys, for further exploitation.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated