HIGH🇵🇱 Wersja polska

CVE-2024-8501

CVSS 8.8v3.1pub. 2025-03-20upd. 2025-04-01

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Modelscope Agentscope

    APP
    Modelscope
    0.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-8537CRITICAL9.1PL ✓ten sam produkt

Path traversal umożliwiający usunięcie dowolnych plików w AgentScope

CVE-2024-8551CRITICAL9.1PL ✓ten sam produkt

Path traversal w AgentScope umożliwia odczyt i zapis plików JSON

CVE-2024-8487CRITICAL9.8PL ✓ten sam produkt

Błędna konfiguracja CORS w Modelscope AgentScope umożliwia nieautoryzowany dostęp do API

CVE-2024-48050CRITICAL9.8PL ✓ten sam produkt

RCE przez niezabezpieczone eval() w Modelscope AgentScope

CVE-2024-8524HIGH7.5ten sam produkt

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit thi...