CVE-2024-3584 - Vulnerability Details - OpenCVE

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qdrant	Qdrant

Configuration 1 [-]

cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a
https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00355}`	epss `{'score': 0.00267}`

Thu, 10 Jul 2025 18:45:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}`

Thu, 10 Jul 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qdrant Qdrant qdrant
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:qdrant:qdrant::::::::
Vendors & Products		Qdrant Qdrant qdrant

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-30T12:33:21.326Z

Updated: 2024-08-01T20:12:07.892Z

Reserved: 2024-04-10T14:03:16.284Z

Link: CVE-2024-3584

Vulnrichment

Updated: 2024-08-01T20:12:07.892Z

NVD

Status : Analyzed

Published: 2024-05-30T13:15:49.947

Modified: 2025-07-10T18:21:56.083

Link: CVE-2024-3584

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3584", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-10T14:03:16.284Z", "datePublished": "2024-05-30T12:33:21.326Z", "dateUpdated": "2024-08-01T20:12:07.892Z"}, "containers": {"cna": {"title": "Path Traversal in qdrant/qdrant", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-30T12:33:21.326Z"}, "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."}], "affected": [{"vendor": "qdrant", "product": "qdrant/qdrant", "versions": [{"version": "unspecified", "lessThan": "v1.9.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"advisory": "5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "qdrant", "product": "qdrant", "cpes": ["cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "v1.9.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-30T17:16:50.281555Z", "id": "CVE-2024-3584", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T16:25:04.223Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.892Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "tags": ["x_transferred"]}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "tags": ["x_transferred"]}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.892Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3584", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-30T17:16:50.281555Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*"], "vendor": "qdrant", "product": "qdrant", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v1.9.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-30T17:29:59.371Z"}}], "cna": {"title": "Path Traversal in qdrant/qdrant", "source": {"advisory": "5c7c82e2-4873-40b7-a5f3-0f4a42642f73", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "qdrant", "product": "qdrant/qdrant", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v1.9.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}, {"url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}], "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-30T12:33:21.326Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3584", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:07.892Z", "dateReserved": "2024-04-10T14:03:16.284Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-05-30T12:33:21.326Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*", "matchCriteriaId": "E89DD11F-8B80-4400-9F56-15BF6683DD2E", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0."}, {"lang": "es", "value": "qdrant/qdrant versi\u00f3n 1.9.0-dev es vulnerable al path traversal debido a una validaci\u00f3n de entrada incorrecta en el endpoint `/collections/{name}/snapshots/upload`. Al manipular el par\u00e1metro \"nombre\" a trav\u00e9s de la codificaci\u00f3n URL, un atacante puede cargar un archivo en una ubicaci\u00f3n arbitraria del sistema, como \"/root/poc.txt\". Esta vulnerabilidad permite escribir y sobrescribir archivos arbitrarios en el servidor, lo que podr\u00eda llevar a una toma total del sistema. El problema se solucion\u00f3 en la versi\u00f3n 1.9.0."}], "id": "CVE-2024-3584", "lastModified": "2025-07-10T18:21:56.083", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-05-30T13:15:49.947", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}