CVE-2024-3829 - Vulnerability Details - OpenCVE

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qdrant	Qdrant

Configuration 1 [-]

cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260
https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00198}`	epss `{'score': 0.00165}`

Thu, 10 Jul 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qdrant Qdrant qdrant
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:qdrant:qdrant::::::::
Vendors & Products		Qdrant Qdrant qdrant
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-03T10:05:53.960Z

Updated: 2024-08-01T20:20:01.830Z

Reserved: 2024-04-15T15:42:20.597Z

Link: CVE-2024-3829

Vulnrichment

Updated: 2024-08-01T20:20:01.830Z

NVD

Status : Analyzed

Published: 2024-06-03T10:15:14.267

Modified: 2025-07-10T17:45:15.560

Link: CVE-2024-3829

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3829", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-15T15:42:20.597Z", "datePublished": "2024-06-03T10:05:53.960Z", "dateUpdated": "2024-08-01T20:20:01.830Z"}, "containers": {"cna": {"title": "Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-03T10:05:53.960Z"}, "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0."}], "affected": [{"vendor": "qdrant", "product": "qdrant/qdrant", "versions": [{"version": "unspecified", "lessThan": "v1.9.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"}, {"url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"advisory": "abd9c906-75ee-4d84-b76d-ce1386401e08", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3829", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T13:33:51.539372Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*"], "vendor": "qdrant", "product": "qdrant", "versions": [{"status": "affected", "version": "1.9.0-dev", "lessThan": "1.9.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:29.518Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.830Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08", "tags": ["x_transferred"]}, {"url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08", "tags": ["x_transferred"]}, {"url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.830Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3829", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T13:33:51.539372Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qdrant:qdrant:1.9.0-dev:*:*:*:*:*:*:*"], "vendor": "qdrant", "product": "qdrant", "versions": [{"status": "affected", "version": "1.9.0-dev", "lessThan": "1.9.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T13:38:04.844Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant", "source": {"advisory": "abd9c906-75ee-4d84-b76d-ce1386401e08", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "qdrant", "product": "qdrant/qdrant", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v1.9.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"}, {"url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"}], "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-03T10:05:53.960Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3829", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:01.830Z", "dateReserved": "2024-04-15T15:42:20.597Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-03T10:05:53.960Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qdrant:qdrant:*:*:*:*:*:*:*:*", "matchCriteriaId": "E89DD11F-8B80-4400-9F56-15BF6683DD2E", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0."}, {"lang": "es", "value": "qdrant/qdrant versi\u00f3n 1.9.0-dev es vulnerable a lecturas y escrituras arbitrarias de archivos durante el proceso de recuperaci\u00f3n de instant\u00e1neas. Los atacantes pueden aprovechar esta vulnerabilidad manipulando archivos de instant\u00e1neas para incluir enlaces simb\u00f3licos, lo que lleva a una lectura arbitraria de archivos al agregar un enlace simb\u00f3lico que apunta a un archivo deseado en el sistema de archivos y a una escritura de archivos arbitraria al incluir un enlace simb\u00f3lico y un archivo de carga \u00fatil en la estructura de directorios de la instant\u00e1nea. Esta vulnerabilidad permite la lectura y escritura de archivos arbitrarios en el servidor, lo que potencialmente podr\u00eda conducir a una toma total del sistema. El problema se solucion\u00f3 en la versi\u00f3n v1.9.0."}], "id": "CVE-2024-3829", "lastModified": "2025-07-10T17:45:15.560", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-06-03T10:15:14.267", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}