CVE-2024-8537
📋 TL;DR
A path traversal vulnerability in modelscope/agentscope's /delete-workflow endpoint allows attackers to delete arbitrary files from the filesystem by manipulating file paths. This affects all versions of the application and can lead to data loss, service disruption, or system compromise.
💻 Affected Systems
- modelscope/agentscope
📦 What is this software?
Agentscope by Modelscope
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via deletion of critical system files, leading to OS corruption, service unavailability, or privilege escalation.
Likely Case
Data loss and service disruption through deletion of application files, configuration files, or user data.
If Mitigated
Limited impact if proper file permissions and input validation are in place, potentially only affecting application-specific directories.
🎯 Exploit Status
The vulnerability is straightforward to exploit with simple path traversal payloads. Public proof-of-concept exists on huntr.com.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check the official GitHub repository for latest patched version
Vendor Advisory: https://huntr.com/bounties/eeb8aa4b-e6e5-465c-b0dd-aa97e3b7dc09
Restart Required: Yes
Instructions:
1. Update to the latest version of modelscope/agentscope from the official repository. 2. Restart the application service. 3. Verify the fix by testing the /delete-workflow endpoint with traversal payloads.
🔧 Temporary Workarounds
Disable vulnerable endpoint
allTemporarily disable or block access to the /delete-workflow endpoint
# Use web server configuration to block the endpoint
# Example for nginx: location /delete-workflow { deny all; }
# Example for Apache: <Location /delete-workflow> Require all denied </Location>
Implement input validation proxy
allAdd a reverse proxy or WAF that validates and sanitizes file path inputs
# Configure WAF rules to block path traversal patterns
# Example ModSecurity rule: SecRule ARGS "\.\./" "id:1001,phase:2,deny"
🧯 If You Can't Patch
- Implement strict file system permissions to limit the application's write/delete access to only necessary directories
- Deploy network segmentation and firewall rules to restrict access to the vulnerable endpoint to trusted sources only
🔍 How to Verify
Check if Vulnerable:
Test the /delete-workflow endpoint with path traversal payloads like '../../etc/passwd' or similar. Monitor if files outside the intended directory can be deleted.Check Version:
Check the application version through its API or configuration files. For Python packages: pip show agentscopeVerify Fix Applied:
After patching, attempt the same path traversal tests and verify they are rejected with proper error messages and no file deletion occurs.📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events
- Requests to /delete-workflow with '../' patterns
- Error logs showing path traversal attempts
- Failed file operations with permission errors
Network Indicators:
- HTTP requests to /delete-workflow containing path traversal sequences
- Unusual patterns of DELETE requests to the application
SIEM Query:
source="web_logs" AND (uri_path="/delete-workflow" AND (request_body CONTAINS "../" OR uri_query CONTAINS "../"))