Description

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.

INFO

Published Date :

2024-06-03T10:05:53.960Z

Last Modified :

2025-10-15T12:50:23.630Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3829 vulnerability.

Vendors Products
Qdrant
  • Qdrant
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3829.

URL Resource
https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260 cve-icon cve-icon cve-icon
https://huntr.com/bounties/abd9c906-75ee-4d84-b76d-ce1386401e08 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact