run-llama llama_index ObsidianReader Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in the ObsidianReader class of the run-llama/llama_index repository, affecting versions from 0.12.23 up to, but not including, 0.12.28. It allows arbitrary file reading through symbolic links. The issue arises because ObsidianReader does not resolve symlinks to their real paths and does not validate that the resolved path lies within the intended vault directory. As a result, an attacker who can place a symlink in the vault can point it at a file outside the vault; the reader then processes that target as a valid Markdown note, potentially exposing sensitive information.

Impact

Exploitation of this vulnerability allows arbitrary file reading, with the potential to access sensitive files such as the passwd file or SSH private keys, which could lead to unauthorized access to protected systems. In a cloud or server environment where vaults are ingested automatically, the vulnerability can be triggered without any user interaction.

Reproduction

To reproduce this vulnerability, create a symlink inside an Obsidian vault that points to a sensitive file such as '/etc/passwd', then use ObsidianReader to load and process the Markdown files in the vault. The content of the symlinked file is read, which can be verified by inspecting the parsed documents.

Remediation

Users can update to ObsidianReader version 0.12.28, which addresses the vulnerability by resolving symlinks to their real paths and validating that each resolved path lies within the vault directory.
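As an added illustration (not code from llama_index or its maintainers), the following Python contrasts the two patterns this advisory describes: a vault walker in the vulnerable style that reads every .md entry without resolving symlinks, and a hardened walker that resolves each entry to its real path and refuses anything that lands outside the vault root. It builds its own constructed sample vault in a temporary directory, with a symlink that points to a constructed file outside the vault rather than to any real system file; the function names and the vault layout are assumptions made for this example.

```python
"""Symlink-confinement check for a directory-walking reader.

Added example: shows why unresolved symlinks escape a vault and how resolving
them and validating the real path against the vault root closes the hole.
"""
import os
import tempfile
from pathlib import Path


def load_vault_unsafe(vault_dir):
    """Vulnerable pattern: reads every *.md entry as found, never resolving it.

    A symlink named note.md is opened through the link, so its target outside
    the vault is returned as if it were a note.
    """
    vault_dir = Path(vault_dir)
    docs = {}
    for root, _dirs, files in os.walk(vault_dir):
        for name in files:
            if name.endswith(".md"):
                path = Path(root) / name
                docs[str(path.relative_to(vault_dir))] = path.read_text()
    return docs


def load_vault_safe(vault_dir):
    """Hardened pattern: resolve each entry and require it to stay in the vault.

    Returns (docs, skipped): docs maps vault-relative names to content, skipped
    lists entries whose real path escaped the vault root and were refused.
    os.walk's default followlinks=False also stops descent into symlinked dirs.
    """
    vault_root = Path(vault_dir).resolve()
    docs = {}
    skipped = []
    for root, _dirs, files in os.walk(vault_root):
        for name in files:
            if not name.endswith(".md"):
                continue
            path = Path(root) / name
            real = path.resolve()  # follows the symlink chain to the real file
            try:
                real.relative_to(vault_root)  # raises if outside the vault
            except ValueError:
                skipped.append(str(path.relative_to(vault_root)))
                continue
            docs[str(path.relative_to(vault_root))] = real.read_text()
    return docs, skipped


def build_sample_vault():
    """Constructed fixture: a vault with one real note and one escaping symlink.

    The symlink target is a constructed file in a sibling directory, standing in
    for any file outside the vault. Returns (vault_path, outside_file_path).
    """
    base = Path(tempfile.mkdtemp(prefix="vault-demo-"))
    vault = base / "vault"
    vault.mkdir()
    (vault / "note.md").write_text("# real note\n")
    outside = base / "outside"
    outside.mkdir()
    target = outside / "not-a-note.txt"
    target.write_text("CONSTRUCTED-OUTSIDE-CONTENT\n")
    # The .md name makes the entry look like a note; the link escapes the vault.
    (vault / "innocent.md").symlink_to(target)
    return vault, target


def demo():
    """Runs both loaders on the fixture; returns what each one produced."""
    vault, _target = build_sample_vault()
    unsafe_docs = load_vault_unsafe(vault)
    safe_docs, skipped = load_vault_safe(vault)
    return unsafe_docs, safe_docs, skipped


if __name__ == "__main__":
    unsafe_docs, safe_docs, skipped = demo()
    print("unsafe loader returned:", sorted(unsafe_docs))
    print("safe loader returned:  ", sorted(safe_docs), "skipped:", skipped)
```

The check is done on the resolved path rather than on the name or on `os.path.islink`, so a chain of links or a link inside a symlinked subdirectory is judged by where it actually ends up. Note that it only reasons about symlinks: a hard link to a file outside the vault has the vault as its real path and would still be read, so on untrusted vaults the ingestion process should also run with a least-privilege account that cannot open the files the advisory names.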

Added: Jul 7, 2025, 10:46 AM
Updated: Jul 7, 2025, 10:46 AM

Vulnerability Rating

Custom Algorithm

  spread          4.2
  impact          3.3
  exploitability  6.0
  remediation     7.7
  relevance       0.2
  threat          6.4
  urgency         2.9
  incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.