InstructLab Path Traversal Vulnerability Allowing Arbitrary File Write

Vulnerability

A path traversal vulnerability has been identified in InstructLab, specifically within the chat session handler. The 'logs_dir' parameter is used without sanitization, so a local attacker can supply a value containing path traversal sequences and cause directories to be created and files to be written at any location the InstructLab process has permission to write to. Such writes could lead to unauthorized modification or disclosure of data.

Impact

Exploitation of this vulnerability could result in unauthorized creation of directories and writing of files outside the intended log location, potentially allowing a local attacker to modify or access sensitive data. The reach of the write is bounded by the filesystem permissions of the user running InstructLab.

Reproduction

The vulnerability can be reproduced by supplying, in a request to the chat session handler, a 'logs_dir' value that contains path traversal sequences (for example '../' components). Because the parameter is not validated, the traversal components are honored and the handler creates directories and writes files at the resulting location, which the attacker controls.
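As an added illustration of the flaw described in the Vulnerability and Reproduction sections, not code taken from InstructLab, the following Python shows a chat-log writer that uses a caller-supplied 'logs_dir' unchecked, beside a hardened version that resolves the requested directory and refuses anything that escapes the configured log base. Function names, the base-directory layout and the traversal payload are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def write_chat_log_unsafe(logs_dir: str, session_name: str, content: str) -> Path:
    """Vulnerable pattern (hypothetical): logs_dir is honoured as given, so '../'
    components, or an absolute path, place the file anywhere the process can write."""
    os.makedirs(logs_dir, exist_ok=True)
    target = Path(logs_dir) / session_name
    target.write_text(content)
    return target


def _validate_session_name(session_name: str) -> None:
    """Reject names that carry directory components or are '.'/'..'."""
    if session_name in ("", ".", "..") or os.path.basename(session_name) != session_name:
        raise ValueError(f"invalid session name: {session_name!r}")


def resolve_under_base(base_dir: Path, logs_dir: str) -> Path:
    """Hardened: join under base_dir, canonicalise (follows symlinks, collapses '..'),
    then require the result to still sit inside base_dir. Note that Path(base) / '/etc'
    yields '/etc' (an absolute right-hand side replaces the left), so absolute
    payloads are caught by the containment check rather than by the join."""
    base = base_dir.resolve()
    candidate = (base / logs_dir).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"logs_dir escapes the log base directory: {logs_dir!r}") from None
    return candidate


def write_chat_log_safe(base_dir: Path, logs_dir: str, session_name: str, content: str) -> Path:
    """Hardened writer: the caller may pick a subdirectory, but only below base_dir."""
    _validate_session_name(session_name)
    target_dir = resolve_under_base(base_dir, logs_dir)
    target_dir.mkdir(parents=True, exist_ok=True)
    target = target_dir / session_name
    target.write_text(content)
    return target


def demo() -> dict:
    """Run both writers against a constructed traversal payload in a scratch tree."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "instructlab" / "logs"   # intended log base (constructed)
        base.mkdir(parents=True)
        payload = "../../escaped"                    # constructed traversal payload

        # Unsafe writer: the file lands two levels above the intended base.
        written = write_chat_log_unsafe(str(base / payload), "session.log", "hello")
        unsafe_escaped = base.resolve() not in written.resolve().parents

        # Safe writer: the same payload is refused.
        try:
            write_chat_log_safe(base, payload, "session.log", "hello")
            safe_rejected = False
        except ValueError:
            safe_rejected = True

        # Safe writer: an absolute path is refused as well.
        try:
            write_chat_log_safe(base, "/tmp", "session.log", "hello")
            safe_rejected_abs = False
        except ValueError:
            safe_rejected_abs = True

        # Safe writer: a benign subdirectory still works and stays inside the base.
        ok = write_chat_log_safe(base, "2024-runs", "session.log", "hello")
        safe_path_inside = base.resolve() in ok.resolve().parents

        return {
            "unsafe_escaped": unsafe_escaped,
            "safe_rejected": safe_rejected,
            "safe_rejected_abs": safe_rejected_abs,
            "safe_path_inside": safe_path_inside,
        }


if __name__ == "__main__":
    print(demo())
```

The containment check must be done on the resolved path, not on the string: stripping literal '../' substrings is bypassable (for instance '....//'), and a symlink inside the base can point outside it, which only canonicalisation exposes.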

Added: Apr 22, 2026, 1:18 PM
Updated: Apr 22, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  3.6
remediation     0.0
relevance       6.5
threat          1.6
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.