CVE-2024-3078

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Mar 29, 2024
Updated: May 17, 2024
CWE ID 22

Summary

CVE-2024-3078 is a critical vulnerability affecting Qdrant versions up to 1.6.1, 1.7.4, and 1.8.2. The issue lies in the processing of the file lib/collection/src/collection/snapshots.rs in the Full Snapshot REST API component. This vulnerability allows for path traversal, which can be exploited. To mitigate this risk, it is recommended to upgrade to Qdrant version 1.8.3, which includes the patch with the identifier 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. Failure to upgrade may leave the system susceptible to exploitation, as identified by VDB-258611.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share