frdel Agent Zero Path Traversal Vulnerability in File Download API
Vulnerability
A path traversal vulnerability has been identified in frdel/agent0ai Agent Zero version 0.9.7-10. The issue arises in the 'get_abs_path' function within 'python/helpers/files.py', where user-supplied file paths are not properly validated, allowing absolute paths to escape the intended workspace directory. This vulnerability can be exploited remotely, leading to unauthorized access to sensitive files such as system files, SSH keys, and application secrets. The vulnerability has been publicly disclosed and is actively exploitable.
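The escape described above, as an added example that is not Agent Zero's own code: `naive_abs_path` is an assumed stand-in for a helper that joins a base directory with the request's path, and `safe_abs_path` is one way to enforce containment. All function names, the `/workspace` base and the sample files are constructed for illustration.

```python
import os
import tempfile

def naive_abs_path(base_dir: str, user_path: str) -> str:
    # Assumed vulnerable pattern: os.path.join discards base_dir when
    # user_path is absolute, so "/etc/passwd" comes back unchanged.
    return os.path.join(base_dir, user_path)

def safe_abs_path(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir, or raise ValueError if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes workspace: {user_path!r}")
    return candidate

def is_allowed(base_dir: str, user_path: str) -> bool:
    try:
        safe_abs_path(base_dir, user_path)
        return True
    except ValueError:
        return False

def demo() -> dict:
    # Constructed workspace with one file and a symlink pointing outside it.
    with tempfile.TemporaryDirectory() as root:
        work = os.path.join(root, "work_dir")
        os.makedirs(work)
        open(os.path.join(work, "notes.txt"), "w").close()
        outside = os.path.join(root, "secret.env")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(work, "link"))
        requests = ["notes.txt", "/etc/passwd", "../secret.env", "link"]
        return {p: is_allowed(work, p) for p in requests}

if __name__ == "__main__":
    # Constructed base directory; the absolute path wins over it.
    print(naive_abs_path("/workspace", "/etc/passwd"))
    for path, ok in demo().items():
        print(f"{path!r}: {'allowed' if ok else 'rejected'}")
```

The check runs on the fully resolved path, so absolute paths, `..` segments and symlinks that point outside the workspace are all rejected by the same comparison.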
Impact
Exploitation of this vulnerability allows authenticated users to read arbitrary files on the server, bypassing directory restrictions. This could include sensitive files like '/etc/passwd', application environment files containing API keys and secrets, SSH private keys, and cloud credential files.
Reproduction
To reproduce this vulnerability, start by running Agent Zero in a Docker container. Once the application is running, obtain a CSRF token by sending a request to the '/csrf_token' endpoint. With the CSRF token, send a request to the '/download_work_dir_file' endpoint, including an absolute path such as '/etc/passwd' or '/a0/.env' as the 'path' parameter. The response will contain the contents of the requested file, demonstrating the path traversal vulnerability.
Remediation
No known mitigation is available for this vulnerability.
