CVE-2024-10834 Overview
CVE-2024-10834 is an arbitrary file write vulnerability discovered in eosphoros-ai/db-gpt version 0.6.0. The vulnerability exists in the RAG-knowledge endpoint and stems from improper handling of file paths when using Python's os.path.join function. An attacker can exploit this flaw by passing an absolute path as the doc_file.filename parameter, allowing them to write files to arbitrary locations on the target server.
Critical Impact
This vulnerability enables unauthenticated remote attackers to overwrite critical system files or create new SSH key entries, potentially leading to complete system compromise through unauthorized remote access.
Affected Products
- DB-GPT version 0.6.0
- eosphoros-ai/db-gpt RAG-knowledge endpoint
Discovery Timeline
- 2025-03-20 - CVE-2024-10834 published to NVD
- 2025-07-17 - Last updated in NVD database
Technical Details for CVE-2024-10834
Vulnerability Analysis
This vulnerability is classified as CWE-73 (External Control of File Name or Path), a category of path traversal weaknesses where user-controlled input is improperly used to construct file system paths. In DB-GPT's RAG-knowledge endpoint, the application accepts file uploads but fails to properly sanitize or validate the filename before using it in file write operations.
The core issue lies in a misunderstanding of how Python's os.path.join function operates. When os.path.join receives an absolute path as one of its arguments, it discards all preceding path components and uses the absolute path directly. This behavior, while documented, becomes a critical security flaw when user-controlled input is passed to this function without proper validation.
An attacker exploiting this vulnerability can achieve arbitrary file write capabilities on the server, which can be leveraged for multiple attack scenarios including writing malicious SSH keys to gain persistent remote access, overwriting configuration files to modify application behavior, or planting web shells for continued exploitation.
Root Cause
The root cause is the improper validation of user-supplied filenames in the file upload functionality. The application passes the doc_file.filename parameter directly to os.path.join without checking whether it contains an absolute path. When an absolute path like /root/.ssh/authorized_keys is provided, Python's os.path.join ignores the intended upload directory and uses the attacker-controlled absolute path instead, enabling writes to any location accessible by the application's user context.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker can craft a malicious HTTP request to the RAG-knowledge endpoint with the doc_file.filename set to an absolute path on the target system. The server will then write the uploaded file content to the specified location.
For example, an attacker could set the filename to /root/.ssh/authorized_keys and include their public SSH key as the file content, granting them persistent SSH access to the server as root. Alternatively, targeting paths like /etc/cron.d/ or application configuration directories could enable code execution or privilege escalation.
The vulnerability requires only network access to the DB-GPT application endpoint, making it highly exploitable in exposed deployments. Technical details and proof-of-concept information are available through the Huntr Bounty Listing.
Detection Methods for CVE-2024-10834
Indicators of Compromise
- Unexpected file modifications in sensitive directories such as /root/.ssh/, /etc/, or application configuration paths
- New or modified authorized_keys files with unrecognized SSH public keys
- Anomalous HTTP requests to the RAG-knowledge endpoint containing absolute file paths in filename parameters
- Unexpected cron jobs or startup scripts appearing on the system
Detection Strategies
- Monitor HTTP request logs for the RAG-knowledge endpoint, specifically looking for filename parameters containing path separators or absolute paths starting with /
- Implement file integrity monitoring (FIM) on critical system directories to detect unauthorized modifications
- Deploy web application firewall (WAF) rules to detect and block requests with path traversal patterns in file upload parameters
- Review application logs for file write operations outside the expected upload directory
Monitoring Recommendations
- Enable detailed logging for the DB-GPT application, particularly for file upload operations
- Configure SIEM alerts for any file creation or modification events in sensitive system directories triggered by the web application user context
- Monitor for new SSH connections from unexpected sources that may indicate successful exploitation via SSH key injection
How to Mitigate CVE-2024-10834
Immediate Actions Required
- Restrict network access to the DB-GPT RAG-knowledge endpoint to trusted sources only
- Implement input validation to reject filenames containing absolute paths or path traversal sequences
- Run the DB-GPT application with minimal filesystem permissions to limit the impact of arbitrary file write attempts
- Audit existing systems for signs of compromise, particularly checking SSH authorized_keys files and cron directories
Patch Information
At the time of publication, users should check the eosphoros-ai/db-gpt GitHub repository for updated releases that address this vulnerability. Users running version 0.6.0 should upgrade to the latest available version that includes a fix for this arbitrary file write vulnerability.
Workarounds
- Deploy a reverse proxy or WAF in front of the application configured to block requests with absolute paths in file upload parameters
- Implement application-level input validation to extract only the basename from uploaded filenames using os.path.basename() before any file operations
- Restrict the application's filesystem write permissions to only the necessary upload directories using OS-level access controls
- Consider containerizing the application with limited volume mounts to restrict accessible filesystem paths
The mitigation approach should ensure that any user-provided filename is sanitized to remove path components before being used in file operations. The recommended fix involves using os.path.basename() to extract only the filename portion, discarding any directory path information provided by the user.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
