frdel Agent-Zero Directory Traversal Vulnerability in download_work_dir_file API

Vulnerability

A directory traversal vulnerability has been identified in frdel Agent-Zero versions 0.8.0 through 0.9.4. The 'download_work_dir_file' API accepts a 'path' parameter that is meant to name a file inside the agent's work directory, but the application neither canonicalizes that value nor checks that the resulting path stays within the work directory. An unauthenticated attacker can therefore supply traversal sequences such as '../' in 'path' and have the server return arbitrary files from its file system, including sensitive ones.

Impact

Exploitation of this vulnerability gives an unauthenticated attacker read access to any file the Agent-Zero process can read, not only files in the intended work directory. The endpoint requires no credentials, so any client that can reach the web interface can retrieve sensitive files from the server.

Reproduction

To reproduce this vulnerability, send a request to the 'download_work_dir_file' API with a crafted 'path' parameter that contains directory traversal sequences, for example enough '../' components to climb out of the work directory followed by a target such as 'etc/passwd'. A vulnerable server responds with the contents of '/etc/passwd' instead of rejecting the request; a fixed server refuses any 'path' that resolves outside the work directory.
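The following is an added example, not code from the Agent-Zero project, that models the handler pattern behind this class of bug: a vulnerable resolver that joins the 'path' parameter onto the work directory without a containment check, beside a hardened resolver that normalizes the candidate and requires it to remain under the work directory. The WORK_DIR value, the function names and the request URLs are assumptions constructed for the illustration; the traversal input is the one the Reproduction section describes.

```python
"""Added example (not Agent-Zero's code): vulnerable vs. hardened resolution
of a user-supplied 'path' parameter against a fixed work directory.
Assumptions: files live under WORK_DIR and the file name arrives in the
'path' query parameter, as the advisory describes; WORK_DIR, the function
names and the sample request URLs are hypothetical."""
import posixpath
from typing import Dict, Optional
from urllib.parse import parse_qs, urlsplit

WORK_DIR = "/srv/agent-zero/work_dir"  # hypothetical base directory


def path_param(url: str) -> str:
    """Extract the 'path' query parameter from a request URL.
    parse_qs percent-decodes once, the same as a web framework would,
    so '..%2F..%2F' arrives at the handler as '../../'."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("path", [""])[0]


def unsafe_resolve(user_path: str) -> str:
    """Vulnerable pattern: join the user value onto WORK_DIR and normalise it,
    with no check that the result is still inside WORK_DIR. '../' components
    walk upwards, and an absolute user_path makes join() discard WORK_DIR."""
    return posixpath.normpath(posixpath.join(WORK_DIR, user_path))


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened pattern: reject NUL bytes and absolute paths, normalise the
    candidate, then require it to lie strictly inside WORK_DIR. Returns None
    for anything else so the caller can answer 400/404.
    In a real deployment apply os.path.realpath() to both base and candidate
    before comparing so that symlinks inside WORK_DIR cannot point outside it
    (omitted here so the example needs no filesystem)."""
    if "\x00" in user_path or posixpath.isabs(user_path):
        return None
    base = posixpath.normpath(WORK_DIR)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    # commonpath() compares on component boundaries, so a sibling directory
    # such as '/srv/agent-zero/work_dir2' is rejected even though a naive
    # candidate.startswith(base) test would let it through.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo() -> Dict[str, Optional[str]]:
    """Run both resolvers over constructed requests: one traversal attack of
    the kind the advisory describes and one benign download."""
    attack = "/api/download_work_dir_file?path=..%2F..%2F..%2Fetc%2Fpasswd"
    benign = "/api/download_work_dir_file?path=notes/todo.txt"
    return {
        "attack_unsafe": unsafe_resolve(path_param(attack)),  # '/etc/passwd'
        "attack_safe": safe_resolve(path_param(attack)),      # None
        "benign_safe": safe_resolve(path_param(benign)),      # under WORK_DIR
    }


if __name__ == "__main__":
    for label, resolved in demo().items():
        print(f"{label}: {resolved}")
```

The point of the hardened version is that the containment check runs on exactly the string that would be handed to open(); decoding or rewriting the value after the check would reopen the hole.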

Remediation

Users are advised to upgrade to Agent-Zero version 0.8.4.1, which addresses this vulnerability. Until the upgrade is applied, the web interface should not be reachable from untrusted networks, since the affected endpoint requires no authentication.

Added: Aug 21, 2025, 6:19 PM
Updated: Aug 21, 2025, 8:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 8.7
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.