CVE-2026-47118
Status: Deferred - Pending Action
Path Traversal in Agent Zero

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: VulnCheck

Description
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled. Attackers can request any file with an image extension readable by the process, including files outside the agent workspace, user home directories, and mounted volumes, and can also leverage symlink-based escapes due to the lack of path canonicalization in the path resolution logic.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: agent_zero | Product: agent_zero | Version / Range: all versions before 1.15 (1.15 excluded)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
Compliance Impact

The vulnerability allows unauthenticated attackers to read arbitrary files, including those outside the agent workspace and user home directories, potentially exposing sensitive data.

This unauthorized access to files could lead to breaches of confidentiality and data privacy, which are critical concerns under regulations such as GDPR and HIPAA.

Additionally, the SVG-based cross-site scripting (XSS) risk could enable attackers to steal cookies and interact with API endpoints, further compromising data security and user privacy.

Therefore, exploitation of this vulnerability may result in non-compliance with data protection standards that require safeguarding personal and sensitive information against unauthorized access and disclosure.

Executive Summary

Agent Zero before version 1.15 has a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending specially crafted paths to the image file serving endpoint.

This endpoint relies only on an extension allowlist and has its path containment check disabled, meaning it does not properly restrict file access to intended directories.

Attackers can request any file with an image extension that the process can read, including files outside the agent workspace, user home directories, and mounted volumes.

Additionally, the lack of path canonicalization allows attackers to use symbolic link (symlink) based escapes to access unauthorized files.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive files on the affected system.

Since attackers can read arbitrary files with image extensions, they might access confidential information stored outside the intended directories.

This exposure could include user data, configuration files, or other sensitive information residing in user home directories or mounted volumes.

Because the vulnerability is exploitable without authentication, it increases the risk of data leakage from the system.

Detection Guidance

This vulnerability can be detected by attempting to access files outside the intended directory through the Agent Zero `/api/image_get` endpoint using crafted paths with image file extensions.

Since the vulnerability allows reading arbitrary files with image extensions, you can test by sending HTTP requests to the vulnerable endpoint with paths targeting sensitive files or directories outside the agent workspace.

  • Use curl or a similar tool to send requests to the `/api/image_get` endpoint with crafted paths, for example:
  • `curl -v "http://<agent-zero-host>/api/image_get?path=../../../../etc/passwd.jpg"`
  • `curl -v "http://<agent-zero-host>/api/image_get?path=../../../../home/user/.ssh/id_rsa.png"`

If the response contains contents of files outside the expected directory, the system is vulnerable.

Mitigation Strategies

The immediate mitigation step is to upgrade Agent Zero to version 1.15 or later, where the vulnerability has been patched.

The patch introduces strict path resolution and validation to ensure requested image paths are confined within the Agent Zero base directory, including symlink-aware checks.

Additionally, the patch hardens SVG and SVGZ responses with security headers to prevent script execution and potential XSS attacks.

If upgrading immediately is not possible, consider restricting access to the `/api/image_get` endpoint to trusted users or networks and monitor for suspicious requests attempting path traversal.
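The following is an added illustration of the two checks the patch is described as introducing (canonical path resolution plus containment in the base directory, which also defeats symlink escapes); it is not Agent Zero's own code, and the allowlist, directory layout and function names are constructed for the example.

```python
import os
import tempfile
from typing import Optional

# Constructed allowlist. On its own, a suffix check is the pre-1.15 weakness:
# "../../secret.png" passes it, because nothing here looks at the directory.
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".svg", ".svgz", ".webp"}


def extension_allowed(requested: str) -> bool:
    """The weak check alone: accepts any path whose suffix is an image extension."""
    return os.path.splitext(requested)[1].lower() in IMAGE_EXTENSIONS


def resolve_image_path(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path to serve, or None if the request must be refused.

    Both sides are passed through realpath() before comparison, so '..' segments
    and symlinks are resolved first; a link inside base_dir that points outside
    it is rejected because its *target* fails the containment test.
    """
    if not extension_allowed(requested):
        return None
    if os.path.isabs(requested) or "\x00" in requested:
        return None
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    try:
        # Containment: the resolved target must be base_dir or a descendant of it.
        if os.path.commonpath([base_real, candidate]) != base_real:
            return None
    except ValueError:  # raised when paths sit on different drives (Windows)
        return None
    if not os.path.isfile(candidate):  # refuse directories and dangling links
        return None
    return candidate


def demo() -> dict:
    """Build a constructed fixture in a temporary directory and exercise both checks."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "work", "images")
        os.makedirs(base)
        with open(os.path.join(base, "ok.png"), "wb") as f:
            f.write(b"\x89PNG")
        outside = os.path.join(root, "secret.png")  # sits outside the base directory
        with open(outside, "wb") as f:
            f.write(b"not an image")
        os.symlink(outside, os.path.join(base, "link.png"))  # symlink escape
        return {
            "suffix_only_passes_traversal": extension_allowed("../../secret.png"),
            "inside": resolve_image_path(base, "ok.png") is not None,
            "traversal": resolve_image_path(base, "../../secret.png"),
            "symlink": resolve_image_path(base, "link.png"),
            "absolute": resolve_image_path(base, outside),
            "wrong_ext": resolve_image_path(base, "ok.txt"),
        }
```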
