Path Traversal in modelscope/agentscope

Vulnerability

Overview

CVE-2024-8438 describes a path traversal vulnerability in AgentScope version 0.0.4, specifically in the /api/file API endpoint. The endpoint fails to sanitize the path parameter, allowing directory traversal sequences such as ../ to escape the intended directory [2][3]. The vulnerable code resides in src/agentscope/studio/_app.py at line 578, where the user-supplied path is passed directly to file read operations without validation [3].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP GET request to the /api/file endpoint with a malicious path parameter containing traversal sequences. No authentication is required, as the endpoint is publicly accessible in the default configuration [2][4]. For example, requesting /api/file?path=../../etc/passwd would retrieve the server's password file.

Impact

Successful exploitation allows an attacker to read arbitrary files on the server, including configuration files, credentials, source code, and other sensitive data. This information disclosure can lead to further compromise of the system and its data [2].

Mitigation

The vulnerability is present in AgentScope version 0.0.4. Users should upgrade to a patched version as soon as it becomes available. As a workaround, administrators can implement input validation to reject path traversal sequences or restrict access to the /api/file endpoint via a reverse proxy [1].