admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-08 22:18:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-108xx/CVE-2024-10833.json
cad-safe-bot 45c9d5d76c Auto-Update: 2025-03-23T03:00:20.104511+00:00
2025-03-23 03:03:54 +00:00

60 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-10833",
"sourceIdentifier": "security@huntr.dev",
"published": "2025-03-20T10:15:20.630",
"lastModified": "2025-03-20T10:15:20.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises because the 'doc_file.filename' parameter is user-controllable, enabling the construction of absolute paths."
},
{
"lang": "es",
"value": "La versi\u00f3n 0.6.0 de eosphoros-ai/db-gpt es vulnerable a la escritura arbitraria de archivos a trav\u00e9s de la API de conocimiento. El endpoint para subir archivos como \"conocimiento\" es susceptible a path traversal absoluto, lo que permite a los atacantes escribir archivos en ubicaciones arbitrarias en el servidor objetivo. Esta vulnerabilidad surge porque el par\u00e1metro \"doc_file.filename\" es controlable por el usuario, lo que permite la construcci\u00f3n de rutas absolutas."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/dc58e981-e325-4c11-b4e1-1095890fd15a",
"source": "security@huntr.dev"
}
]
}
Reference in New Issue View Git Blame Copy Permalink