Soumettre #821925: AstrBotDevs AstrBot 4.24.2 Path Traversal (CWE-22)information

TitreAstrBotDevs AstrBot 4.24.2 Path Traversal (CWE-22)
Description# Technical Details A Path Traversal vulnerability exists in the `post_file` method in `astrbot/dashboard/routes/chat.py` of AstrBot. The application fails to sanitize the `file.filename` attribute when processing uploaded attachments in the authenticated dashboard API. The attacker-controlled filename is directly concatenated to the attachments directory path using `os.path.join()`. This allows an attacker to supply path traversal segments (e.g., `../`) in the filename to write files to arbitrary writable locations on the filesystem, circumventing the intended upload sandbox. # Vulnerable Code File: astrbot/dashboard/routes/chat.py Method: post_file Why: The code directly uses the attacker-provided `file.filename` inside `os.path.join(self.attachments_dir, filename)` without employing `secure_filename()` or validating that the resolved absolute path still resides within the bounds of `self.attachments_dir`. # Reproduction 1. Log into the AstrBot dashboard using valid credentials. 2. Send a multipart `POST` request to the `/api/chat/post_file` endpoint. 3. Supply a crafted `filename` in the file payload containing path traversal characters (e.g., `../../../../../../tmp/malicious.txt`). 4. Verify that the file has been written to the targeted absolute path outside the intended attachments directory. # Impact - Arbitrary file write to the underlying server's filesystem. - Overwriting application configuration or runtime data. - Potential code execution or privilege escalation if sensitive files or execution paths are overwritten.
La source⚠️ https://gist.github.com/YLChen-007/217a2e975faf5a5be6d76c63cb3f402e
Utilisateur
 Eric-a (UID 96353)
Soumission07/05/2026 13:33 (il y a 1 mois)
Modérer31/05/2026 09:14 (24 days later)
StatutDupliqué
Entrée VulDB364381 [AstrBotDevs AstrBot jusqu’à 4.23.5 File Upload chat.py post_file filename directory traversal]
Points0

PrécédentAperçuSuivant

Do you need the next level of professionalism?

Upgrade your account now!