Microsoft APM Path Traversal Vulnerability Allowing Arbitrary File Copy
Vulnerability
A path traversal vulnerability has been identified in Microsoft APM versions prior to 0.8.12. It allows a malicious plugin to escape its designated directory and copy arbitrary readable files or directories from the installing user's machine into a user-accessible location inside the APM directory. The root cause is that the plugin manifest fields 'agents', 'skills', 'commands', and 'hooks' are attacker-controlled, and affected versions do not restrict the paths they contain to the plugin's own directory. The copy happens during 'apm install', and the copied files can then trigger automatic integrations into the user's project, potentially exposing sensitive information.
Impact
Exploitation of this vulnerability allows for arbitrary local file copying into the APM directory, with the possibility of integrating that content into the user's project. This could result in sensitive host files being staged into repository-controlled paths, increasing the risk of accidental exposure or synchronization through version control.
Reproduction
To reproduce this vulnerability, install Microsoft APM version 0.8.11 into a Python environment. Create a malicious plugin whose 'plugin.json' references a file outside the plugin directory in its commands field. When 'apm install' is executed, the referenced file is copied into the project directory, bypassing the normal containment of plugin content.
Remediation
Users should update to Microsoft APM version 0.8.12 or later, where this vulnerability has been fixed.
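The missing control described above is a containment check on every path taken from the manifest. The following is an added, hypothetical illustration of such a check (not APM's own code, and the manifest layout it assumes, lists of relative paths under the four fields, is an assumption); it resolves symlinks on both sides before comparing, so '..' segments, absolute paths and symlinks pointing outside the plugin are all rejected:

```python
import tempfile
from pathlib import Path

# Manifest fields the advisory names as path-bearing and attacker-controlled.
MANIFEST_PATH_FIELDS = ("agents", "skills", "commands", "hooks")


def resolve_within(plugin_dir: Path, entry: str) -> Path:
    """Resolve a manifest entry and raise ValueError if it escapes plugin_dir."""
    root = plugin_dir.resolve(strict=True)
    # An absolute entry replaces root in the join; resolve() follows symlinks.
    candidate = (root / entry).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"manifest entry escapes plugin directory: {entry!r}")
    return candidate


def validate_manifest(plugin_dir: Path, manifest: dict) -> dict:
    """Check every path-bearing field; return {field: [resolved paths]} or raise."""
    resolved = {}
    for field in MANIFEST_PATH_FIELDS:
        entries = manifest.get(field, [])
        if isinstance(entries, str):
            entries = [entries]
        resolved[field] = [resolve_within(plugin_dir, e) for e in entries]
    return resolved


def demo() -> dict:
    """Constructed scenario: one legitimate command file plus three escaping entries."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin_dir = Path(tmp) / "example-plugin"
        (plugin_dir / "commands").mkdir(parents=True)
        (plugin_dir / "commands" / "hello.md").write_text("# constructed benign command\n")
        outside = Path(tmp) / "secret.txt"  # stands in for a sensitive host file
        outside.write_text("constructed secret\n")
        (plugin_dir / "link").symlink_to(outside)  # symlink escaping the plugin
        cases = {"relative": "commands/hello.md", "dotdot": "../secret.txt",
                 "absolute": str(outside), "symlink": "link"}
        verdicts = {}
        for label, entry in cases.items():
            try:
                resolve_within(plugin_dir, entry)
                verdicts[label] = "accepted"
            except ValueError:
                verdicts[label] = "rejected"
        try:  # a whole manifest is rejected as soon as one field escapes
            validate_manifest(plugin_dir, {"commands": ["commands/hello.md"], "hooks": "../secret.txt"})
            verdicts["manifest"] = "accepted"
        except ValueError:
            verdicts["manifest"] = "rejected"
        return verdicts
```

Running `demo()` shows only the in-tree relative entry accepted; the other three entries and the mixed manifest are rejected.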
