ContinueDev JSON-RPC Server Path Traversal Vulnerability in lsTool Component

Vulnerability

A path traversal vulnerability has been identified in the ContinueDev JSON-RPC server, version 1.2.22. The flaw is in the lsTool function in core/tools/implementations/lsTool.ts, which lists the directory named by its dirPath argument without adequately validating that argument. A local attacker who can reach the JSON-RPC server can therefore supply a dirPath that resolves outside the workspace, such as an absolute path to a system directory, and have its contents listed. This bypasses the security policies and access restrictions that would otherwise limit what the tool can enumerate, and allows sensitive files and directories to be discovered.

Impact

Successful exploitation lets an attacker enumerate arbitrary directories on the host, bypassing the security policies and access restrictions intended to confine the tool. This exposes the names and layout of sensitive files and directories, for example in the user's home directory or in critical system directories, which an attacker can use to locate configuration, credential and key files for follow-on attacks.

Reproduction

The vulnerability can be reproduced with a Python script acting as a JSON-RPC client: connect to the Continue Core server on TCP port 3000 and send a request that passes an absolute path such as '/etc' as the dirPath argument. The response lists the contents of that directory, which lies outside the workspace, demonstrating the bypass.
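The check that the description above says lsTool lacks, and that the '/etc' reproduction would fail against, as an added example in TypeScript (the language of lsTool.ts). This is not Continue's code: the function and error names and the workspace root are assumptions for illustration. The check is lexical, so it stops absolute paths and ".." sequences but does not follow symlinks; a symlink inside the workspace that points at /etc would additionally need a realpath comparison before listing.

```typescript
import * as path from "path";

// Added example, not code from the Continue project: the confinement check
// an ls-style tool needs before listing a caller-supplied dirPath.
// Function and error names, and the workspace root, are assumptions.

export class PathOutsideWorkspaceError extends Error {
  constructor(requested: string, root: string) {
    super(`refusing to list "${requested}": it resolves outside the workspace ${root}`);
    this.name = "PathOutsideWorkspaceError";
    // Keeps instanceof working when compiled to older ECMAScript targets.
    Object.setPrototypeOf(this, PathOutsideWorkspaceError.prototype);
  }
}

// Illustrative "before": the requested path is resolved and used as given.
// path.resolve discards the root when dirPath is absolute, so "/etc" stays "/etc".
export function resolveDirUnchecked(workspaceRoot: string, dirPath: string): string {
  return path.resolve(workspaceRoot, dirPath);
}

// Hardened form: resolve the same way, then require the result to be the
// workspace root itself or a path beneath it. Comparing with path.relative
// rather than a string prefix avoids treating "/home/a/proj2" as inside
// "/home/a/proj". Absolute inputs and ".." escapes both yield a relative
// path that is ".." or starts with "../" and are rejected; a directory
// merely named "..cache" inside the root is still allowed.
export function resolveDirWithinWorkspace(workspaceRoot: string, dirPath: string): string {
  const root = path.resolve(workspaceRoot);
  const target = path.resolve(root, dirPath);
  const rel = path.relative(root, target);
  const escapes =
    rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new PathOutsideWorkspaceError(dirPath, root);
  }
  return target;
}

// Boolean wrapper for policy checks: true only when listing would stay in the root.
export function isDirPathAllowed(workspaceRoot: string, dirPath: string): boolean {
  try {
    resolveDirWithinWorkspace(workspaceRoot, dirPath);
    return true;
  } catch (e) {
    if (e instanceof Error && e.name === "PathOutsideWorkspaceError") return false;
    throw e;
  }
}
```

With a workspace root of /home/alice/proj, resolveDirUnchecked returns "/etc" for a dirPath of "/etc", which is the behaviour the advisory describes, while resolveDirWithinWorkspace throws for "/etc", "../../etc" and "src/../../proj2" and returns "/home/alice/proj/src" for "src".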

Added: May 18, 2026, 12:20 AM
Updated: May 18, 2026, 12:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 8.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.