Submission #811276: adenhq hive latest Path Traversal (CWE-22)

Title: adenhq hive latest Path Traversal (CWE-22)
Description:

# Technical Details

A Path Traversal vulnerability exists in the `handle_delete_history_session` method in `core/framework/server/routes_sessions.py` of hive. The application fails to sanitize the `session_id` parameter extracted from the DELETE request URL before concatenating it to a base directory path and passing the result to a recursive deletion function.

# Vulnerable Code

- File: `core/framework/server/routes_sessions.py`
- Method: `handle_delete_history_session`
- Why: The route extracts `session_id` directly from `request.match_info` without routing it through a path sanitization function like `safe_path_segment`. Because `session_id` is blindly concatenated into `Path.home() / ".hive" / "queen" / "session" / session_id` and the result is then wiped with `shutil.rmtree()`, a traversal payload such as `../` escapes the intended root directory.

# Reproduction

1. Establish a simulated sensitive directory on the server where the Hive application is running (e.g., `mkdir -p /tmp/pwned`).
2. Send an unauthenticated `DELETE` request with URL-encoded traversal payloads targeting the mocked directory: `curl -X DELETE "http://127.0.0.1:8006/api/sessions/history/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Ftmp%2Fpwned"`.
3. Verify on the backend server that the targeted directory `/tmp/pwned` was completely deleted.

# Impact

- Arbitrary data destruction of any directory on the host filesystem accessible to the application process.
- Complete Denial of Service (DoS) by deleting core application directories or dependencies.
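As an added example (not hive's own code), the kind of check a `safe_path_segment` function is meant to provide: allow-list the decoded URL segment and verify that the joined path still lies under the session root, shown beside the unchecked join from the report. The session root `/root/.hive/queen/session` (home taken as `/root`) and the use of `posixpath` for pure string handling with no filesystem access are assumptions.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Assumed session root: the report's Path.home()/".hive"/"queen"/"session" with home = /root.
SESSION_ROOT = "/root/.hive/queen/session"

# Allow-list for a single path segment: no separators, no dots, bounded length.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_-]{1,128}")


def vulnerable_session_path(session_id: str) -> str:
    """Mirror the flawed pattern from the report: URL-decode the segment and
    join it onto the root with no validation. normpath shows where the '..'
    components land once the OS resolves the path."""
    return posixpath.normpath(posixpath.join(SESSION_ROOT, unquote(session_id)))


def safe_session_path(session_id: str) -> Optional[str]:
    """Return the session directory for session_id, or None if the id is not a
    single safe path segment or the joined path would leave SESSION_ROOT."""
    decoded = unquote(session_id)
    if not SAFE_SEGMENT.fullmatch(decoded):
        return None
    candidate = posixpath.normpath(posixpath.join(SESSION_ROOT, decoded))
    # Defence in depth: even an allow-listed segment must land strictly inside
    # the root (never the root itself, which rmtree would wipe whole).
    if candidate == SESSION_ROOT or posixpath.commonpath([SESSION_ROOT, candidate]) != SESSION_ROOT:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: the report's encoded payload and a legitimate id.
    payload = "%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Ftmp%2Fpwned"
    print("unchecked join resolves to:", vulnerable_session_path(payload))
    print("checked join for payload:  ", safe_session_path(payload))
    print("checked join for 'abc-123':", safe_session_path("abc-123"))
```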
Source: https://gist.github.com/YLChen-007/ff3ff201b05d13d41f949f86e9187bd2
User: Eric-b (UID 96354)
Submitted: 23/04/2026 09:48 (1 month ago)
Moderated: 16/05/2026 19:39 (23 days later)
Status: Accepted
VulDB Entry: 364384 [adenhq hive up to 0.11.0 Delete Request routes_sessions.py _read_events_tail Directory Traversal]
Points: 20
