THREATINT
PUBLISHED

CVE-2024-47170

Agnai File Disclosure Vulnerability: JSON via Path Traversal



Description

Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled, which is intended for local/self-hosting only. Version 1.0.330 fixes this issue.

Reserved 2024-09-19 | Published 2024-09-26 | Updated 2024-09-26 | Assigner GitHub_M


MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-35: Path Traversal: '.../...//'

Product status

< 1.0.330
affected

References

github.com/.../agnai/security/advisories/GHSA-h355-hm5h-cm8h

cve.org (CVE-2024-47170)

nvd.nist.gov (CVE-2024-47170)
