CVE-2024-3584: Critical Path Traversal Flaw Exposes Qdrant Vector Database to Remote Takeover
A critical vulnerability has been uncovered in Qdrant, a popular open-source vector similarity search engine widely used for neural network-based matching and semantic search applications. Tracked as CVE-2024-3584, this flaw carries a near-maximum CVSS score of 9.8, underscoring the potential for severe exploitation.
Qdrant is a versatile vector similarity search engine and database designed to handle large-scale neural network and semantic-based matching applications. It supports a wide range of features, including extended filtering and faceted search, making it a valuable tool for developers working with AI and machine learning applications.
The path traversal vulnerability is located in the /collections/{name}/snapshots/upload endpoint of Qdrant. Due to improper input validation, the name parameter can be manipulated through URL encoding. This allows an attacker to upload files to arbitrary locations on the server’s filesystem, such as /root/poc.txt.
By exploiting this vulnerability, attackers can potentially write and overwrite any file on the server, leading to severe consequences, including a complete takeover of the affected system.
Security researcher Ozelis discovered this critical flaw and demonstrated its exploitability through a published proof-of-concept. The proof-of-concept highlights how an attacker could manipulate the name parameter to achieve unauthorized file uploads and gain control over the server.
The implications of this vulnerability are far-reaching, as it could enable attackers to execute arbitrary code, exfiltrate sensitive data, and disrupt services relying on Qdrant for vector search and storage.
The Qdrant development team has acted swiftly to address this vulnerability. The issue has been fixed in version 1.9.0. Users and administrators of Qdrant are strongly advised to upgrade to the latest version immediately to mitigate the risks associated with CVE-2024-3584.
In addition to upgrading, it is recommended to review access logs for any signs of exploitation and implement stringent input validation measures to prevent similar vulnerabilities in the future.
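One way to carry out the log review described above, as an added example that is not from Qdrant or the original article: it scans access-log lines for requests to the snapshot upload route whose collection name, once percent-decoded, is no longer a single path segment. The log format (a reverse-proxy style request line), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line as written by a typical reverse-proxy access log (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# Raw (still-encoded) collection name in the snapshot upload route named in the article.
UPLOAD_RE = re.compile(r'^/collections/(?P<name>.+)/snapshots/upload/?(?:\?.*)?$')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_name(raw_name):
    """A collection name should be one path segment: no separators, no dot-dot."""
    name = fully_decode(raw_name)
    return any(token in name for token in ("/", "\\", "..", "\x00"))


def find_suspicious_uploads(log_lines):
    """Return (line_number, raw_name) for upload requests with a suspicious name."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        req = REQUEST_RE.search(line)
        if not req:
            continue
        route = UPLOAD_RE.match(req.group("path"))
        if route and is_suspicious_name(route.group("name")):
            hits.append((lineno, route.group("name")))
    return hits


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2024:10:00:00 +0000] "POST /collections/products/snapshots/upload HTTP/1.1" 200 42',
    '203.0.113.9 - - [01/May/2024:10:00:05 +0000] "POST /collections/%2e%2e%2f%2e%2e%2fexample/snapshots/upload HTTP/1.1" 200 42',
    '203.0.113.9 - - [01/May/2024:10:00:09 +0000] "POST /collections/%252e%252e%252fexample/snapshots/upload HTTP/1.1" 200 42',
    '203.0.113.7 - - [01/May/2024:10:00:12 +0000] "GET /collections/my%20docs/snapshots HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for lineno, name in find_suspicious_uploads(SAMPLE_LOG):
        print(f"line {lineno}: suspicious collection name {name!r}")
```

The same single-segment check can be applied at a reverse proxy in front of unpatched instances, but it does not replace upgrading to 1.9.0.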