Arbitrary File Write via RAG-Knowledge Endpoint
A vulnerability in version 0.6.0 of the software allows arbitrary file writes through the RAG-knowledge endpoint. This issue was patched in a subsequent release.
Available publicly on Nov 04 2024
Threat Overview
The vulnerability arises because the RAG-knowledge endpoint builds the on-disk path for an uploaded document by passing the user-controllable doc_file.filename parameter to os.path.join. os.path.join has a well-known property: if any component it is given is an absolute path, every component before it (here, the intended upload directory) is discarded, so an absolute filename replaces the upload directory entirely. The server therefore writes the uploaded content wherever the client names, bypassing the intended directory constraint, and an attacker can write arbitrary files to any location the service account is allowed to write to.
Attack Scenario
An attacker first creates a knowledge space, then uploads a document whose filename field is set to an absolute path. The uploaded content is written to that path, which allows the attacker to overwrite existing files or create new ones, for example an SSH authorized_keys entry. The impact is bounded by the privileges of the account running the service: a service running as root exposes the entire filesystem, while a less privileged account limits the reachable targets.
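The Python below is an added illustration, not the project's code: it reconstructs the os.path.join pattern the advisory describes, runs a few constructed attacker-supplied filenames through it, and places a hardened variant beside it. The upload directory, helper names and sample filenames are assumptions made for the example.

```python
import os
import tempfile

# Constructed attacker-controlled filenames (not taken from the advisory):
# an absolute path, a relative traversal sequence, and a benign name.
ATTACKER_FILENAMES = [
    "/root/.ssh/authorized_keys",   # absolute: os.path.join drops the upload dir
    "../../etc/cron.d/backdoor",    # traversal: survives join, escapes on write
    "report.pdf",                   # legitimate upload
]


def vulnerable_upload_path(upload_dir: str, filename: str) -> str:
    """Hypothetical reconstruction of the vulnerable pattern: the client-supplied
    filename goes straight into os.path.join. When filename is absolute,
    os.path.join discards upload_dir entirely."""
    return os.path.join(upload_dir, filename)


def safe_upload_path(upload_dir: str, filename: str) -> str:
    """Hardened variant. Rejects empty or dot-only names, absolute paths and any
    name containing a separator, then confirms the resolved target still lies
    inside the resolved upload directory (defence in depth against symlinks)."""
    if filename in ("", ".", ".."):
        raise ValueError("invalid filename: %r" % filename)
    if os.path.isabs(filename) or "/" in filename or "\\" in filename:
        raise ValueError("filename must be a bare name: %r" % filename)
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("filename escapes upload directory: %r" % filename)
    return target


def is_rejected(upload_dir: str, filename: str) -> bool:
    """True if the hardened check refuses this filename."""
    try:
        safe_upload_path(upload_dir, filename)
    except ValueError:
        return True
    return False


def run_demo(upload_dir: str = None) -> dict:
    """Feed each constructed filename through both variants and collect the
    outcome. Uses a fresh temporary directory when none is given."""
    if upload_dir is None:
        upload_dir = tempfile.mkdtemp(prefix="rag_uploads_")
    results = {"base": os.path.realpath(upload_dir), "vulnerable": {}, "safe": {}}
    for name in ATTACKER_FILENAMES:
        results["vulnerable"][name] = vulnerable_upload_path(upload_dir, name)
        try:
            results["safe"][name] = safe_upload_path(upload_dir, name)
        except ValueError as exc:
            results["safe"][name] = "rejected: %s" % exc
    return results


if __name__ == "__main__":
    demo = run_demo()
    for kind in ("vulnerable", "safe"):
        print(kind)
        for name, out in demo[kind].items():
            print("  %-30s -> %s" % (name, out))
```

Running the module shows the absolute filename mapping to /root/.ssh/authorized_keys under the vulnerable variant, while the hardened variant refuses both the absolute and the traversal names and accepts only report.pdf inside the upload directory. The realpath/commonpath check is kept even though the separator check already blocks these inputs, because it also catches an upload directory that contains a symlink pointing elsewhere.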
Who is affected
Deployments of version 0.6.0 in which the RAG-knowledge endpoint is reachable by an attacker are affected. Upgrading to a release that contains the fix resolves the issue; until then, restricting network access to the endpoint and running the service under a low-privileged account limit what an attacker can write.