In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.
The vulnerability (CWE-434) lies in the fact that filetools actions in Composio do not properly validate paths provided by the user. An attacker can pass crafted paths (e.g., using path traversal sequences) to gain access to arbitrary locations in the server's file system. By leveraging the ability to write files to selected locations, an attacker can, for example, replace configuration files, startup scripts, or place malicious executable code, which can consequently lead to taking control of the server.
An attacker can read sensitive data stored on the server (including credentials, private keys) and write malicious files to any location on the system, enabling privilege escalation or full remote code execution on the server.
Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict network access to the Composio instance exclusively to trusted hosts and monitor activity in the filetools module until the update is deployed.
Composio (composiohq/composio) version 0.4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HComposio
APPComposio0.4.3
Related vulnerabilities
RCE w Composio przez niebezpieczne użycie eval() w kalkulatorze
Pominięcie uwierzytelnienia w Composio przez brak walidacji nagłówka x-api-key
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive informat...
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically ...
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerab...