PT-2024-32452 · Agnai · Agnai

Noe233 +1 · Published 2024-09-26 · Updated 2024-10-30 · CVE-2024-47169

CVSS v4.0: 9.0 (Critical)

Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Agnai versions prior to 1.0.330

Description

A vulnerability in Agnai allows attackers to upload arbitrary files, including JavaScript, to attacker-chosen locations on the server and to have the commands in those files executed. This can result in unauthorized access, full server compromise, data leakage, and other critical security threats. The vulnerability affects publicly hosted installs without S3-compatible storage; it does not affect agnai.chat, installations using S3-compatible storage, or self-hosted installations that are not publicly exposed. The issue combines path traversal with unrestricted upload of files with dangerous types, such as JavaScript files. An attacker can exploit it by sending a POST request to the /api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character endpoint with a malicious id parameter, which lets them control the location of the uploaded file.

Recommendations

For versions prior to 1.0.330, update to version 1.0.330 to mitigate the vulnerability. Validate user inputs thoroughly, in particular the id parameter, file paths, and file names, to prevent directory traversal, and verify that the resulting path is still inside the intended folder after normalization. Restrict the types of files that can be uploaded with an allow-only list. As a temporary workaround, consider restricting access to the vulnerable API endpoint until a patch is available.
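The validation described in the recommendations can be sketched as follows. This is an added example, not Agnai's code or its 1.0.330 fix; the upload directory, the UUID shape assumed for the id, the extension list and the function names are all assumptions made for illustration.

```javascript
const path = require("node:path");

// Hypothetical upload directory for this example; not a path from Agnai.
const UPLOAD_ROOT = path.resolve("/srv/app/assets");
// Allow-only list of upload types; everything else, such as .js, is refused.
const ALLOWED_EXT = new Set([".png", ".jpg", ".jpeg", ".webp"]);
// Assumed identifier shape: a UUID, so no separators or dots can appear in it.
const ID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// True only when candidate, after normalization, is strictly below root.
// path.relative avoids the string-prefix mistake where "/srv/app/assets-x"
// would pass a startsWith("/srv/app/assets") test.
function isInsideRoot(root, candidate) {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return rel !== "" && rel !== ".." &&
    !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Returns { ok: true, path } or { ok: false, reason }.
function resolveUploadPath(id, originalName, root = UPLOAD_ROOT) {
  if (typeof id !== "string" || !ID_RE.test(id)) {
    return { ok: false, reason: "invalid id" };
  }
  if (typeof originalName !== "string") {
    return { ok: false, reason: "invalid file name" };
  }
  // Only the extension of the client-supplied name is used, and only
  // if it is on the allow-list.
  const ext = path.extname(path.basename(originalName)).toLowerCase();
  if (!ALLOWED_EXT.has(ext)) {
    return { ok: false, reason: "file type not allowed" };
  }
  const target = path.resolve(root, id + ext);
  // Defense in depth: re-check containment on the final, normalized path.
  if (!isInsideRoot(root, target)) {
    return { ok: false, reason: "path escapes upload root" };
  }
  return { ok: true, path: target };
}
```

The stored file name is built from the validated id rather than from the client-supplied name, so the request can influence only the extension, and only within the allow-list.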

Exploit

Fix

Path traversal

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-47169
GHSA-MPCH-89GM-HM83

Affected Products

Agnai