PraisonAIAgents Path Traversal Vulnerability in list_files Tool Allows Arbitrary File Enumeration

Vulnerability

A path traversal vulnerability affects the PraisonAIAgents multi-agent system in versions prior to 1.5.128. The issue is in the list_files() tool of the FileTools module: the directory parameter is validated against the workspace boundary, but the pattern parameter is passed directly to Path.glob() without any validation. A glob pattern containing .. segments therefore traverses outside the workspace, allowing an attacker to enumerate files anywhere on the filesystem and read their metadata (existence, name, size and timestamps).

Impact

Exploitation of this vulnerability allows arbitrary file enumeration on the filesystem, exposing the existence and metadata of sensitive files such as application configuration files, SSH keys and other credentials. It could also be used to map the server's directory structure and discover user accounts.

Reproduction

The vulnerability can be reproduced by calling the list_files() function with a directory parameter that is within the workspace and a pattern parameter that includes .. segments to traverse outside the workspace boundaries. The function will return metadata for files matched by the glob pattern, including those outside the workspace.
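To make the defect and its fix concrete, the following is an added example that is not PraisonAIAgents' own code: it reproduces the shape the advisory describes (a workspace-confined directory check with an unvalidated glob pattern) next to a hardened version. The hardened version rejects absolute patterns and patterns containing .. segments, and then re-resolves every match against the workspace root so that a symlink inside the workspace cannot lead outside it either. The function names, the WorkspaceError type, the temporary workspace layout and the sample files are all constructed for this illustration.

```python
"""Workspace-confined file listing: unvalidated glob pattern versus hardened form.

Added illustration of the vulnerability class described in the advisory.
This is NOT the PraisonAIAgents code; names and layout are assumptions.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class WorkspaceError(ValueError):
    """Raised when a path or pattern would escape the workspace (assumed type)."""


def _resolve_inside(workspace: Path, candidate: Path) -> Path:
    """Resolve `candidate` (following symlinks) and confirm it is under `workspace`."""
    root = workspace.resolve()
    target = candidate.resolve()
    try:
        target.relative_to(root)
    except ValueError as exc:
        raise WorkspaceError(f"path escapes workspace: {candidate}") from exc
    return target


def _validate_pattern(pattern: str) -> str:
    """Reject glob patterns that could walk above the directory being listed."""
    if os.path.isabs(pattern) or pattern.startswith(("/", "\\")):
        raise WorkspaceError(f"absolute pattern not allowed: {pattern!r}")
    # Normalise both separators so 'a\\..\\b' is caught as well as 'a/../b'.
    if any(part == ".." for part in pattern.replace("\\", "/").split("/")):
        raise WorkspaceError(f"parent-directory segment not allowed: {pattern!r}")
    return pattern


def _describe(path: Path) -> dict:
    """The kind of metadata a listing tool typically returns per match."""
    st = path.stat()
    return {"name": path.name, "path": str(path), "size": st.st_size, "mtime": st.st_mtime}


def list_files_vulnerable(workspace: Path, directory: str, pattern: str = "*") -> list[dict]:
    """Pre-fix shape from the advisory: the directory is checked, the pattern is not."""
    base = _resolve_inside(workspace, workspace / directory)
    return [_describe(p) for p in base.glob(pattern)]


def list_files_safe(workspace: Path, directory: str, pattern: str = "*") -> list[dict]:
    """Hardened form: validate the pattern, then re-check every match against the workspace."""
    base = _resolve_inside(workspace, workspace / directory)
    _validate_pattern(pattern)
    results = []
    for match in base.glob(pattern):
        try:
            resolved = _resolve_inside(workspace, match)
        except WorkspaceError:
            continue  # a symlink inside the workspace that resolves outside it is dropped
        results.append(_describe(resolved))
    return results


def demo() -> dict:
    """Build a constructed workspace plus one file outside it and compare both listings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        workspace = root / "workspace"
        (workspace / "docs").mkdir(parents=True)
        (workspace / "docs" / "notes.txt").write_text("inside")
        (root / "secret.txt").write_text("outside")  # constructed file outside the workspace

        leaked = list_files_vulnerable(workspace, "docs", "../../*.txt")
        try:
            list_files_safe(workspace, "docs", "../../*.txt")
            rejected = False
        except WorkspaceError:
            rejected = True
        clean = list_files_safe(workspace, "docs", "*.txt")
        return {
            "vulnerable_leaks_outside": any(d["name"] == "secret.txt" for d in leaked),
            "safe_rejects_traversal": rejected,
            "safe_lists_inside": [d["name"] for d in clean],
        }


if __name__ == "__main__":
    print(demo())
```

The second check in list_files_safe is what makes the fix robust rather than a string filter: even with a clean pattern, a match is only reported after its resolved path is confirmed to lie under the workspace root, which is the same boundary check the directory parameter already receives.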

Remediation

Users are advised to update to PraisonAIAgents version 1.5.128 or later, where this vulnerability has been fixed.

Added: Apr 9, 2026, 10:59 PM
Updated: Apr 9, 2026, 10:59 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 5.5
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.