Agent Zero
- < 1.15
A path traversal vulnerability has been identified in Agent Zero versions prior to 1.15. This vulnerability allows unauthenticated attackers to read arbitrary files by sending crafted paths to the image file serving endpoint. The endpoint only checks file extensions against an allowlist, while the path containment verification is disabled. As a result, attackers can access any file with an image extension that the Agent Zero process can read, including files outside the application workspace, in user home directories, or on mounted volumes. The vulnerability also allows for symlink-based escapes due to inadequate path canonicalization in the path resolution process.
Exploitation of this vulnerability leads to unauthorized reading of files. It also allows execution of scripts embedded in SVG files, which could be used to compromise the application user interface.
The vulnerability can be reproduced by sending a request to the '/api/image_get' endpoint with a crafted 'path' parameter that exploits the path traversal flaw. This can include paths to files outside the allowed directories, such as '/etc/passwd', or paths that escape through symlinks.
Users can update to Agent Zero version 1.15 or later, where this vulnerability has been fixed.
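The difference between an extension-only check and a canonicalized containment check, as an added example (this is not Agent Zero's code or its 1.15 fix). The function names, the extension allowlist and the temporary workspace layout are assumptions constructed for illustration.

```python
import os
import tempfile
from typing import Optional

ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif", ".svg"}  # assumed allowlist, not the project's

def extension_only_check(path: str) -> bool:
    """The flawed pattern described above: only the extension is validated."""
    return os.path.splitext(path)[1].lower() in ALLOWED_EXT

def contained_image_path(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path if it is an allowed image inside base_dir, else None."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks BEFORE the containment test
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None  # resolved target lies outside the workspace
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXT:
        return None  # extension is checked on the resolved target, not the link name
    return candidate if os.path.isfile(candidate) else None

def demo() -> dict:
    """Build a constructed workspace and compare both checks on four requests."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        work = os.path.join(root, "workspace")
        outside = os.path.join(root, "outside")
        os.makedirs(work)
        os.makedirs(outside)
        for p in (os.path.join(work, "logo.png"), os.path.join(outside, "secret.png")):
            with open(p, "wb") as f:
                f.write(b"constructed sample")
        os.symlink(os.path.join(outside, "secret.png"), os.path.join(work, "link.png"))
        requests = {
            "inside": "logo.png",
            "dotdot": "../outside/secret.png",
            "absolute": os.path.join(outside, "secret.png"),
            "symlink": "link.png",
        }
        return {name: (extension_only_check(req), contained_image_path(work, req) is not None)
                for name, req in requests.items()}

if __name__ == "__main__":
    for name, (weak, strict) in demo().items():
        print(f"{name:9} extension-only={weak} contained={strict}")
```

The extension-only check accepts all four requests, while the containment check accepts only the file that resolves inside the workspace.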