CVE-2024-8501

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c	Exploit
https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:modelscope:agentscope:0.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-04-01 20:31

NVD link : CVE-2024-8501

Mitre link : CVE-2024-8501

CVE.ORG link : CVE-2024-8501

JSON object : View

Products Affected

modelscope

agentscope

CWE

CWE-36

Absolute Path Traversal

{"id": "CVE-2024-8501", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:42.610", "references": [{"url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-36"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network."}, {"lang": "es", "value": "Existe una vulnerabilidad de descarga de archivos arbitrarios en el componente rpc_agent_client de modelscope/agentscope versi\u00f3n v0.0.4. Esta vulnerabilidad permite a cualquier usuario descargar cualquier archivo del host de rpc_agent explotando el m\u00e9todo download_file. Esto puede provocar acceso no autorizado a informaci\u00f3n confidencial, como archivos de configuraci\u00f3n, credenciales y, posiblemente, archivos del sistema, lo que puede facilitar una mayor explotaci\u00f3n, como la escalada de privilegios o el movimiento lateral dentro de la red."}], "lastModified": "2025-04-01T20:31:58.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:modelscope:agentscope:0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90FB84B-BF69-41F6-875D-BFB3C19EB9CC"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}