CVE-2024-10831 – This vulnerability allows attackers to upload a... (How to Fix)

Q: What is the severity of CVE-2024-10831?

CVE-2024-10831 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows attackers to upload arbitrary files to any location on the server by exploiting path traversal in the file upload endpoint. Attackers can overwrite critical system files like SSH keys to gain persistent access. All users running the vulnerable version of db-gpt are affected.

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files to any location on the server by exploiting path traversal in the file upload endpoint. Attackers can overwrite critical system files like SSH keys to gain persistent access. All users running the vulnerable version of db-gpt are affected.

💻 Affected Systems

Products:

eosphoros-ai/db-gpt

Versions: 0.6.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects installations with file upload functionality enabled and accessible.

📦 What is this software?

Db Gpt by Dbgpt

View all CVEs affecting Db Gpt →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through overwriting SSH keys or system binaries, leading to data theft, ransomware deployment, or use as attack infrastructure.

🟠

Likely Case

Unauthorized file uploads to sensitive directories, potentially enabling backdoor installation, data exfiltration, or service disruption.

🟢

If Mitigated

Limited impact with proper file permission restrictions and network segmentation, though the vulnerability still exists.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to the file upload endpoint but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.1 or later

Vendor Advisory: https://huntr.com/bounties/5c34c39f-66d4-414c-ab6a-f7888a5d882a

Restart Required: Yes

Instructions:

1. Update to version 0.6.1 or later. 2. Restart the db-gpt service. 3. Verify the fix by testing file upload functionality.

🔧 Temporary Workarounds

Restrict file upload permissions

linux

Configure the application to run with minimal privileges and restrict write access to necessary directories only.

chmod 755 /path/to/upload/directory
chown www-data:www-data /path/to/upload/directory

Implement file path validation

all

Add server-side validation to reject file paths containing directory traversal sequences like '../'.

🧯 If You Can't Patch

Disable file upload functionality entirely if not required.
Implement strict network access controls to limit who can reach the upload endpoint.

🔍 How to Verify

Check if Vulnerable:

Check if running version 0.6.0 and test file upload with a path traversal payload (e.g., '../../etc/passwd').

Check Version:

Check the application version in the web interface or configuration files.

Verify Fix Applied:

After updating, attempt the same path traversal test; it should be rejected.

📡 Detection & Monitoring

Log Indicators:

Unusual file upload attempts with '../' sequences in filenames
Failed or successful uploads to non-standard directories

Network Indicators:

HTTP POST requests to upload endpoints with suspicious filenames

SIEM Query:

source="web_logs" AND (uri_path="/upload" OR uri_path="/api/upload") AND (filename="*../*" OR file_key="*../*")

📊 Metadata

CVE ID: CVE-2024-10831

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-36

EPSS Score: 0.22% exploit probability (44.8th percentile)

Published: March 20, 2025

Last Updated: July 17, 2025

🔗 References

https://huntr.com/bounties/5c34c39f-66d4-414c-ab6a-f7888a5d882a Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10831, you might also want to check these: