Qdrant till 1.6.1/1.7.4/1.8.2 Full Snapshot REST API snapshots.rs kataloggenomgång

InträdeHistoryjsonxmlCTI

En kritisksvag punkt hittades i Qdrant till 1.6.1/1.7.4/1.8.2. Som påverkar en okänd funktion filen lib/collection/src/collection/snapshots.rs av komponenten Full Snapshot REST API. Manipulering en okänd ingång leder till en sårbarhet klass kataloggenomgång svag punkt. Den rådgivande finns tillgänglig för nedladdning på github.com. Denna svaga punkt är känd som CVE-2024-3078. Attacken kan äga rum i det lokala nätet. Det finns tekniska detaljer känd. Han deklarerade inte definierad. En uppgradering till den version 1.8.3 att åtgärda problemet. Uppgraderingen som erbjuds för nedladding github.com. Plåstret kan laddas ner från github.com. Som bläst uppdatera till den senaste versionen åtgärder rekommenderas. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält	29/03/2024 08:16	07/05/2024 17:57	07/05/2024 18:04
name	Qdrant	Qdrant	Qdrant
version	<=1.6.1/1.7.4/1.8.2	<=1.6.1/1.7.4/1.8.2	<=1.6.1/1.7.4/1.8.2
component	Full Snapshot REST API	Full Snapshot REST API	Full Snapshot REST API
file	lib/collection/src/collection/snapshots.rs	lib/collection/src/collection/snapshots.rs	lib/collection/src/collection/snapshots.rs
cwe	22 (kataloggenomgång)	22 (kataloggenomgång)	22 (kataloggenomgång)
risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	3856/3867	3856/3867	3856/3867
url	https://github.com/qdrant/qdrant/pull/3856	https://github.com/qdrant/qdrant/pull/3856	https://github.com/qdrant/qdrant/pull/3856
name	Upgrade	Upgrade	Upgrade
upgrade_version	1.8.3	1.8.3	1.8.3
upgrade_url	https://github.com/qdrant/qdrant/releases/tag/v1.8.3	https://github.com/qdrant/qdrant/releases/tag/v1.8.3	https://github.com/qdrant/qdrant/releases/tag/v1.8.3
patch_name	3ab5172e9c8f14fa1f7b24e7147eac74e2412b62	3ab5172e9c8f14fa1f7b24e7147eac74e2412b62	3ab5172e9c8f14fa1f7b24e7147eac74e2412b62
patch_url	https://github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62	https://github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62	https://github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62
advisoryquote	Fix arbitrary path traversal vulnerability in full snapshot REST API (#3856)	Fix arbitrary path traversal vulnerability in full snapshot REST API (#3856)	Fix arbitrary path traversal vulnerability in full snapshot REST API (#3856)
cve	CVE-2024-3078	CVE-2024-3078	CVE-2024-3078
responsible	VulDB	VulDB	VulDB
date	1711666800 (29/03/2024)	1711666800 (29/03/2024)	1711666800 (29/03/2024)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss4_vuldb_av	A	A	A
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss4_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	5.5
cvss3_meta_tempscore	5.3	5.3	5.4
cvss4_vuldb_bscore	5.1	5.1	5.1
cvss4_vuldb_btscore	5.1	5.1	5.1
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1711666800 (29/03/2024)	1711666800 (29/03/2024)
cve_nvd_summary		A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611.	A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611.
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_cna_basescore			5.5

◂ Tidigare Översikt Nästa ▸

Do you know our Splunk app?

Download it now for free!