CVE-2024-3829

9.1 CRITICAL

📋 TL;DR

CVE-2024-3829 is a path traversal vulnerability in qdrant/qdrant that allows attackers to read and write arbitrary files during snapshot recovery. By manipulating snapshot files to include symlinks, attackers can access sensitive system files or write malicious payloads. This affects qdrant/qdrant version 1.9.0-dev.

💻 Affected Systems

Products:
  • qdrant/qdrant
Versions: 1.9.0-dev only
Operating Systems: All operating systems running qdrant
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments that use snapshot recovery; the vulnerable code is the snapshot recovery process itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through arbitrary file write leading to remote code execution, credential theft, or data exfiltration.

🟠 Likely Case: Unauthorized access to sensitive files (configuration, credentials, data) and potential data manipulation.

🟢 If Mitigated: Limited impact if proper access controls and network segmentation are in place, but still significant risk to qdrant data.

🌐 Internet-Facing: HIGH - If qdrant is exposed to the internet, attackers can exploit this without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires snapshot recovery capability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires ability to upload or manipulate snapshot files, but no authentication is needed for the vulnerability itself. Public proof-of-concept exists in the bounty report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.9.0

Vendor Advisory: https://github.com/qdrant/qdrant/commit/ee7a31ec3459a6a4219200234615c1817ab82260

Restart Required: Yes

Instructions:

1. Stop the qdrant service.
2. Update to version v1.9.0 or later using your package manager or a direct download.
3. Restart the qdrant service.
4. Verify the running version is v1.9.0 or newer.

🔧 Temporary Workarounds

Disable snapshot recovery (platform: all)

  • Effect: Prevents snapshot recovery functionality, blocking the attack vector
  • How: Configure qdrant to disable snapshot recovery via configuration file or environment variables

Restrict snapshot file access (platform: linux)

  • Effect: Limits who can upload or modify snapshot files
  • How:

# 700 rather than 600: a directory needs the execute bit set for its owner to traverse it
chmod 700 /path/to/snapshot/directory
# the owner must be the account the qdrant service runs as; root:root only works if qdrant runs as root
chown root:root /path/to/snapshot/directory

🧯 If You Can't Patch

  • Disable snapshot recovery functionality completely
  • Implement strict access controls on snapshot directories and network segmentation

🔍 How to Verify

Check if Vulnerable:

Check if running qdrant version 1.9.0-dev. If using snapshot recovery functionality, assume vulnerable.

Check Version:

qdrant --version or check service/container version

Verify Fix Applied:

Verify that the qdrant version is v1.9.0 or newer, then test snapshot recovery with controlled snapshot files containing symlinks and confirm they are rejected.
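A pre-restore check of the kind the verification step above calls for, as an added example that is not part of this advisory or of qdrant's own code. It assumes the snapshot is a tar archive (an assumption, not stated on this page) and flags every member that is a symlink or hard link, or whose path is absolute or contains a `..` component; the sample archive it scans is constructed inline.

```python
import io
import tarfile
from typing import List


def audit_snapshot(data: bytes) -> List[str]:
    """Return findings for archive members that could escape the restore directory.

    Assumption (not stated in the advisory): the snapshot is a tar archive.
    Flags link members (symlink / hard link), absolute paths and '..' components;
    an empty list means no such member was found.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            if m.issym() or m.islnk():
                findings.append(f"link member {m.name!r} -> {m.linkname!r}")
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append(f"traversal path {m.name!r}")
    return findings


def build_constructed_snapshot() -> bytes:
    """Constructed sample archive: one benign file, one symlink, one '../' entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"{}"
        info = tarfile.TarInfo("collection/meta.json")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("collection/config.json")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/hostname"  # placeholder target, chosen for the test only
        tar.addfile(link)
        tar.addfile(tarfile.TarInfo("../outside.txt"))  # size 0, header only
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_snapshot(build_constructed_snapshot()):
        print("REJECT:", finding)
```

On Python 3.12 and later, `tarfile`'s `data_filter` rejects the same member types at extraction time; running this audit first lets you refuse the whole snapshot before any file is written.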

📡 Detection & Monitoring

Log Indicators:

  • Unusual snapshot recovery attempts
  • Access to unexpected files during recovery
  • Symlink creation in snapshot directories

Network Indicators:

  • Unexpected snapshot uploads to qdrant API endpoints

SIEM Query:

source="qdrant" AND ("snapshot" AND "recovery") AND ("symlink" OR "../" OR path traversal patterns)
