zhayujie chatgpt-on-wechat CowAgent Path Traversal Vulnerability Allowing Arbitrary File Read

A path traversal vulnerability has been identified in zhayujie chatgpt-on-wechat CowAgent versions through 2.0.4. The issue resides in the API Memory Content Endpoint, specifically within the function dispatch of the file agent/memory/service.py. The vulnerability allows an unauthenticated attacker to manipulate the filename parameter, bypassing path restrictions and accessing arbitrary files on the server. Exploitation can be performed remotely, and the vulnerability has been publicly disclosed along with a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive files on the server, including system files like /etc/passwd and application configuration files containing full API keys. Additionally, SSH keys and other sensitive data can be accessed, leading to potential credential harvesting and unauthorized access to other systems or services.

Reproduction

To reproduce this vulnerability, send a GET request to the '/api/memory/content' endpoint with a crafted filename parameter that includes directory traversal sequences ('../'). The request can be made using tools like curl or through a web application testing framework. Once the request is sent, the response will indicate whether the traversal was successful by returning the contents of the requested file.

Remediation

Upgrade to version 2.0.5, which addresses the path traversal vulnerability by implementing proper path validation and sanitization. The updated version is available on the zhayujie chatgpt-on-wechat GitHub repository.