Qdrant Arbitrary File Write Vulnerability via Logger Endpoint

Vulnerability

Qdrant versions from 1.9.3 up to, but not including, 1.16.0 allow arbitrary file writes through the /logger endpoint. The endpoint accepts an attacker-controlled file path for on-disk logging and does not enforce adequate authorization on that operation, so the required privileges are minimal: a caller with only read-only access can set the path.

Impact

Writing arbitrary files on the server can be escalated to remote code execution. In the reported case, the file written through the logger was executed after being uploaded to a specific collection snapshot.

Reproduction

Send a POST request to the /logger endpoint whose body sets the on-disk log file to an attacker-chosen path. If the configuration directory is writable by the Qdrant process and local.yaml does not yet exist there, the logger can be pointed at that path so that log output is appended to it. Once the payload has been written, restarting Qdrant applies the injected configuration, which may include executing uploaded code.

Remediation

Upgrade Qdrant to version 1.16.0 or later. Until the upgrade is applied, restrict access to the /logger endpoint (for example, by not exposing it, or read-only API keys, to untrusted callers) and make sure the configuration directory is not writable by the account Qdrant runs as.
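The following is an added example, not Qdrant's own code or part of the original advisory. It implements the two pre-patch checks a practitioner would want: whether a version string falls in the affected range (1.9.3 up to but not including 1.16.0), and whether a configuration directory meets the precondition named above (writable, with no local.yaml present). The file name local.yaml comes from the advisory; the version-string format (optional leading "v", pre-release or build suffixes ignored) and the helper names are assumptions made here. Writability is tested for the user running the script, so run it as the Qdrant service account for a meaningful result.

```python
# Added example (not Qdrant's code): pre-patch checks for the /logger file-write issue.
# Assumptions: config file name "local.yaml" is taken from the advisory; version strings
# look like "1.12.4", "v1.12.4" or "1.12.4-rc1"; writability is checked for the current
# user, which should be the account Qdrant runs as.
import os
import tempfile
from dataclasses import dataclass

AFFECTED_FROM = (1, 9, 3)   # first affected release, per the advisory
FIXED_IN = (1, 16, 0)       # first fixed release, per the advisory


def parse_version(version: str) -> tuple:
    """Turn '1.12.4', 'v1.12.4' or '1.12.4-rc1' into (1, 12, 4)."""
    core = version.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:          # tolerate '1.12' style strings
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when 1.9.3 <= version < 1.16.0."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


@dataclass
class ConfigDirFinding:
    path: str
    writable: bool
    local_yaml_exists: bool

    @property
    def exploitable_precondition(self) -> bool:
        # The advisory's precondition: a writable config directory in which
        # local.yaml does not yet exist, so the logger can create it.
        return self.writable and not self.local_yaml_exists


def audit_config_dir(config_dir: str) -> ConfigDirFinding:
    """Check the advisory's precondition for the current user."""
    return ConfigDirFinding(
        path=config_dir,
        writable=os.path.isdir(config_dir) and os.access(config_dir, os.W_OK),
        local_yaml_exists=os.path.isfile(os.path.join(config_dir, "local.yaml")),
    )


def assess(version: str, config_dir: str) -> str:
    """Combine both checks into one verdict string."""
    if not is_affected(version):
        return "not affected: version outside 1.9.3 <= v < 1.16.0"
    finding = audit_config_dir(config_dir)
    if finding.exploitable_precondition:
        return (f"AT RISK: {version} is affected and {finding.path} is writable "
                "with no local.yaml; upgrade to 1.16.0+ and restrict /logger")
    if finding.writable:
        return (f"AT RISK: {version} is affected and {finding.path} is writable "
                "(local.yaml already present; the file-write primitive remains, so upgrade)")
    return (f"reduced risk: {version} is affected but {finding.path} is not writable; "
            "still upgrade and restrict /logger")


def simulate(local_yaml_present: bool) -> ConfigDirFinding:
    """Audit a constructed temporary config directory (for offline demonstration)."""
    config_dir = tempfile.mkdtemp(prefix="qdrant-config-")
    if local_yaml_present:
        open(os.path.join(config_dir, "local.yaml"), "w").close()
    return audit_config_dir(config_dir)


if __name__ == "__main__":
    for v in ("1.9.2", "1.9.3", "v1.15.9-rc1", "1.16.0"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(assess("1.12.0", simulate(local_yaml_present=False).path))
    print(assess("1.12.0", simulate(local_yaml_present=True).path))
```

Run it as the Qdrant service user and point assess() at the real configuration directory; the temporary directories built by simulate() only exist to show both outcomes without touching a live install.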

Added: Feb 6, 2026, 9:27 PM
Updated: Feb 6, 2026, 10:14 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 5.8
remediation: 7.9
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.