Home > Vulnerability Database > CVE-2024-3078

Mend.io Vulnerability Database

CVE-2024-3078

Good to know:

Date: March 29, 2024

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611.

Language: RUST

Severity Score

5.5

Related Resources (7)

Url: https://github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62

Url: https://github.com/qdrant/qdrant/pull/3856

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3078

Url: https://vuldb.com/?ctiid.258611

Url: https://github.com/qdrant/qdrant/releases/tag/v1.8.3

Url: https://vuldb.com/?id.258611

Url: https://www.mend.io/vulnerability-database/CVE-2024-3078

Severity Score

5.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v1.8.3

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.2
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3078

Good to know:

Date: March 29, 2024

Language: RUST

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?