ModelScope AgentScope Arbitrary File Download Vulnerability in rpc_agent_client Component

Vulnerability

A vulnerability allowing arbitrary file download has been identified in the rpc_agent_client component of ModelScope AgentScope version 0.0.4. This issue enables any user to download files from the host of the rpc_agent by exploiting the download_file method. The vulnerability could result in unauthorized access to sensitive information such as configuration files, credentials, and potentially system files, which might be used for further exploitation, including privilege escalation or lateral movement within the network.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files, including configuration files, credentials, and system files, which could be used to escalate privileges or move laterally within a network.
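One way a file-serving handler can confine downloads to a single directory, shown as an added example that is not AgentScope's code and not the project's fix. The names resolve_download, DownloadDenied and the export directory layout are hypothetical, and the check assumes the service only ever needs to serve regular files from that one directory; it does not cover authentication of the caller.

```python
import os
import tempfile


class DownloadDenied(Exception):
    """Requested path is not a regular file inside the export directory."""


def resolve_download(export_dir: str, requested: str) -> str:
    """Return the real path to serve, or raise DownloadDenied."""
    base = os.path.realpath(export_dir)
    # os.path.join drops `base` when `requested` is absolute; realpath then
    # collapses ".." and follows symlinks, so the check sees the final target.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise DownloadDenied(f"outside export directory: {requested!r}")
    if not os.path.isfile(candidate):
        raise DownloadDenied(f"not a regular file: {requested!r}")
    return candidate


def demo() -> dict:
    """Run the check over constructed requests in a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        export = os.path.join(root, "export")
        os.mkdir(export)
        secret = os.path.join(root, "secret.cfg")  # constructed file outside export/
        for path, body in ((os.path.join(export, "report.txt"), "public"),
                           (secret, "token=constructed")):
            with open(path, "w") as fh:
                fh.write(body)
        os.symlink(secret, os.path.join(export, "link.cfg"))
        requests = {
            "inside": "report.txt",
            "dotdot": "../secret.cfg",
            "absolute": secret,
            "symlink": "link.cfg",
            "missing": "missing.txt",
        }
        for label, req in requests.items():
            try:
                resolve_download(export, req)
                results[label] = "served"
            except DownloadDenied:
                results[label] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The handler should open and stream the path that resolve_download returns rather than the caller-supplied string, so the file served is the one that was checked.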

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.