Open Notebook Path Traversal Vulnerability in File Upload Functionality Allowing Arbitrary File Write
Vulnerability
A path traversal vulnerability has been identified in the file upload feature of Open Notebook version 1.8.3 and prior. This issue arises from inadequate validation of user input in filenames, enabling authenticated users to manipulate upload requests and write files to arbitrary locations within the Docker container's filesystem. The vulnerability could be exploited to overwrite application files or configurations, or to place web shells in directories accessible via the web.
Impact
Exploitation of this vulnerability allows for arbitrary file writing to any location accessible by the application process. This could be used to overwrite application code or configuration files, or to upload web shells to directories that are web-accessible.
Remediation
Users can upgrade to Open Notebook version 1.8.4, where this vulnerability has been addressed by sanitizing filenames and validating the resolved path to ensure it remains within the designated upload directory.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.