KnowAgent is vulnerable to information disclosure, which allows attackers to read arbitrary files. #40

Open
gaogaostone opened this issue Aug 31, 2023 · 1 comment

@gaogaostone

  1. While I was studying the source code of KnowAgent, the file-content route in NormalLogCollectTaskController.java got my attention. It seems to be a file read function.
  2. Then I accessed the route via an HTTP request. It is a vulnerability which leads to arbitrary file reading.
     The request URL is http://116.85.4.122:9010/api/v1/normal/collect-task/file-content?hostName=127.0.0.1&path=/etc/passwd
@huqidong
Collaborator

Thank you for the valuable suggestion. This is indeed a vulnerability, and we will fix it.
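
One way to constrain a file-content endpoint like the one reported above, shown as an added example that is not KnowAgent's code and not part of either comment. The class name `LogPathGuard` and the idea of a configured list of allowed log directories are assumptions; the sample files are constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: confines a user-supplied path to configured log roots. */
public final class LogPathGuard {
    private final List<Path> allowedRoots = new ArrayList<>();

    public LogPathGuard(List<Path> roots) throws IOException {
        // Resolve each root once so later comparisons use real, symlink-free paths.
        for (Path r : roots) allowedRoots.add(r.toRealPath());
    }

    /** Returns the canonical path if it lies under an allowed root, else throws. */
    public Path resolve(String requested) {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid path");
        }
        Path real;
        try {
            real = Paths.get(requested).toRealPath(); // follows symlinks, collapses ".."
        } catch (IOException | InvalidPathException e) {
            throw new SecurityException("path not readable");
        }
        if (!Files.isRegularFile(real, LinkOption.NOFOLLOW_LINKS)) {
            throw new SecurityException("not a regular file");
        }
        for (Path root : allowedRoots) {
            if (real.startsWith(root)) return real; // component-wise prefix check
        }
        throw new SecurityException("path outside allowed log directories");
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("collect-logs"); // constructed sample data
        Path ok = Files.writeString(root.resolve("app.log"), "line\n");
        LogPathGuard guard = new LogPathGuard(List.of(root));
        System.out.println("allowed: " + guard.resolve(ok.toString()));
        for (String bad : new String[] {"/etc/passwd", root + "/../../etc/passwd"}) {
            try { guard.resolve(bad); System.out.println("UNEXPECTED allow: " + bad); }
            catch (SecurityException e) { System.out.println("rejected " + bad + ": " + e.getMessage()); }
        }
    }
}
```

The check runs on the canonical path, so `..` segments and symlinks that point outside the allowed roots are rejected along with direct absolute paths. The file should be opened from the returned `Path` rather than from the original string.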
