Claude HUD Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in Claude HUD versions through 0.0.12. This vulnerability allows attackers to read arbitrary files by providing an unvalidated 'transcript_path' value via stdin JSON. The issue arises because the 'transcript_path' is not properly validated before being accessed, enabling the reading of any file that the process has permission to access. Additionally, the metadata of the accessed files is recorded in a persistent cache file with inadequate permissions, creating a lasting record of the accessed paths even after the process has exited.

Impact

Exploitation of this vulnerability allows for unauthorized reading of files accessible by the process, potentially leading to exposure of sensitive information. The vulnerability also creates a persistent cache of accessed file paths, which could be exploited for further attacks or reconnaissance.

Reproduction

To reproduce this vulnerability, send a JSON payload via stdin that includes an unvalidated 'transcript_path' value. The payload can be crafted to include path traversal sequences that the application will not properly sanitize, allowing access to arbitrary files on the system. Once the file is accessed, its metadata will be written to a cache file that persists after the application is closed.

Remediation

Users are advised to update to the patched version of Claude HUD, which is available in the GitHub repository. The latest version includes validation for the 'transcript_path' to ensure it does not traverse outside of the intended directory, as well as improvements to the caching mechanism to protect file metadata.

Added: May 18, 2026, 8:20 PM
Updated: May 18, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  4.6
remediation     0.0
relevance       8.7
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.