Arbitrary File Write via Automatic Archive Extraction
A vulnerability in version 2.17.1 of the software allows arbitrary file write by abusing automatic archive extraction. This issue was patched in version 2.18.1.
Available publicly on Sep 25 2024 | Available with Premium on Jul 18 2024
Threat Overview
The vulnerability arises from the software's handling of model configuration files that include archives (e.g., .tar files). These archives are automatically extracted without proper validation, allowing an attacker to perform a 'tarslip' attack. This can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution (RCE) if the attacker overwrites critical backend assets.
Attack Scenario
An attacker crafts a malicious .tar archive containing a symlink that points to a sensitive directory. By uploading this archive through the model configuration, the attacker can write files to arbitrary locations on the server. For example, overwriting a backend asset used by a model can lead to remote code execution when the model is run.
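A pre-extraction check for the archive shape described above, written from the defender's side. This is an added example, not code from the affected software or its patch; Python, the function names `audit_tar` and `build_sample`, and the paths `/srv/backend` and `/tmp/model_repo` are assumptions made for illustration, and the sample archive is constructed in memory. POSIX paths are assumed.

```python
import io
import os
import tarfile

def _inside(base, path):
    # Lexical check only: normalise and compare, never touch the filesystem.
    base = os.path.normpath(base)
    return os.path.commonpath([base, os.path.normpath(path)]) == base

def audit_tar(tar, dest):
    """Return (name, reason) for each member that could write outside dest."""
    dest, findings, links = os.path.abspath(dest), [], set()
    for m in tar.getmembers():
        name = os.path.normpath(m.name)
        if os.path.isabs(m.name) or not _inside(dest, os.path.join(dest, name)):
            findings.append((m.name, "path escapes destination"))
            continue
        # Strict policy: nothing may be written through a link the archive created.
        parent = os.path.dirname(name)
        while parent and parent not in links:
            parent = os.path.dirname(parent)
        if parent:
            findings.append((m.name, "written through archive link " + parent))
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link's directory, hard links to the root.
            base = os.path.dirname(name) if m.issym() else ""
            if not _inside(dest, os.path.join(dest, base, m.linkname)):
                findings.append((m.name, "link target outside destination"))
            links.add(name)
    return findings

def build_sample(entries):
    """Constructed sample input: (name, link target or None) pairs -> open TarFile."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in entries:
            info = tarfile.TarInfo(name)
            if link is None:
                data = b"constructed payload\n"
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
    return tarfile.open(fileobj=io.BytesIO(buf.getvalue()), mode="r")

if __name__ == "__main__":
    sample = build_sample([("assets", "/srv/backend"), ("assets/model.py", None)])
    print(audit_tar(sample, "/tmp/model_repo"))
```

An archive should be extracted only when `audit_tar` returns an empty list. On Python 3.12 and later, passing `filter="data"` to `TarFile.extractall` enforces comparable restrictions at extraction time.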
Who is affected
Users running version 2.17.1 of the software who allow model configurations that include archives are affected. This includes any deployment where the software has write permissions to critical directories.