JeecgBoot Path Traversal Vulnerability in Retrieval-Augmented Generation Module

Vulnerability

A path traversal vulnerability has been identified in JeecgBoot versions prior to 3.9.0, specifically within the Retrieval-Augmented Generation module. The issue arises in the '/airag/knowledge/doc/edit' endpoint, where the 'filePath' parameter can be manipulated to traverse directories. This vulnerability allows authenticated attackers to read arbitrary local files outside the web root, potentially leading to unauthorized information disclosure.

Impact

Exploitation of this vulnerability allows for restricted arbitrary file read, where the application is tricked into reading files outside of its intended directory, as long as those files have the right extensions.

Reproduction

To reproduce this vulnerability, log into the JeecgBoot application and navigate to the AI RAG module. Create a new knowledge base and upload a file. Then, send a request to the '/jeecgboot/airag/knowledge/doc/edit' endpoint with a JSON payload that includes a 'filePath' value crafted to include directory traversal sequences, such as '../'. If successful, the response will contain the contents of the traversed file, demonstrating the exploitation of the path traversal vulnerability.
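The root cause described above is a 'filePath' value that is joined onto a base directory and read without checking where the resolved path lands. The following is an added illustration, not JeecgBoot's own code: a vulnerable reader that only checks the extension (matching the "right extensions" restriction noted under Impact) beside a hardened reader that resolves the path and requires it to stay inside the upload directory. The directory layout, file names and allowed extensions are constructed for the example.

```python
import tempfile
from pathlib import Path

# Constructed sample layout (not JeecgBoot's real directories): one knowledge-base
# upload directory, plus a file outside it that must never be readable via filePath.
ROOT = Path(tempfile.mkdtemp())
UPLOAD_DIR = ROOT / "upload" / "kb1"
UPLOAD_DIR.mkdir(parents=True)
(UPLOAD_DIR / "notes.txt").write_text("knowledge base document")
(ROOT / "secret.txt").write_text("outside the upload directory")

ALLOWED_EXTENSIONS = {".txt", ".md", ".pdf"}  # assumed allow-list for the example


def read_doc_vulnerable(file_path: str) -> str:
    """Traversal-prone pattern: an extension check alone does not constrain
    where the joined path points, so '..' segments walk out of UPLOAD_DIR."""
    if Path(file_path).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file extension not allowed")
    return (UPLOAD_DIR / file_path).read_text()


def resolve_doc_path(file_path: str) -> Path:
    """Hardened resolution: reject absolute or empty values, resolve '..' and
    symlinks, require containment in UPLOAD_DIR, then enforce the allow-list."""
    if not file_path or Path(file_path).is_absolute():
        raise ValueError("absolute or empty filePath rejected")
    base = UPLOAD_DIR.resolve()
    candidate = (base / file_path).resolve()
    # Containment is checked on the fully resolved path, not the raw string.
    if candidate != base and base not in candidate.parents:
        raise ValueError("filePath escapes the upload directory")
    if candidate.suffix.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file extension not allowed")
    if not candidate.is_file():
        raise ValueError("no such document")
    return candidate


def read_doc_hardened(file_path: str) -> str:
    return resolve_doc_path(file_path).read_text()


def is_rejected(file_path: str) -> bool:
    """True when the hardened reader refuses the given filePath value."""
    try:
        read_doc_hardened(file_path)
    except ValueError:
        return True
    return False
```

The same containment check belongs wherever a request-supplied path is turned into a filesystem read; logging the rejected values gives a cheap detection signal for probing of this endpoint.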

Added: Feb 7, 2026, 9:18 PM
Updated: Feb 7, 2026, 9:18 PM

Vulnerability Rating

Custom Algorithm

spread:         0.8
impact:         0.8
exploitability: 6.2
remediation:    0.0
relevance:      2.8
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.