Cyber Resilience

CVE-2024-3584

HighPublic PoC

Published: 30 May 2024

Published
30 May 2024
Modified
10 July 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0039 60.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-3584 is a high-severity Improper Input Validation (CWE-20) vulnerability in Qdrant Qdrant. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Similarity Search; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), External Harms (AML.T0048).

EU & UK References

Vulnerability details

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as…

more

`/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

CWE(s)

AI Security AnalysisAI

AI Category
Similarity Search
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Qdrant is a vector database specifically designed for similarity search and storing embeddings in AI/ML applications, and the vulnerability affects its core server endpoints for collections and snapshots.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1608.001 Upload Malware Resource Development
Adversaries may upload malware to third-party or adversary controlled infrastructure to make it accessible during targeting.
T1608.002 Upload Tool Resource Development
Adversaries may upload tools to third-party or adversary controlled infrastructure to make it accessible during targeting.
Why these techniques?

Path traversal in public-facing upload endpoint (T1190) enables arbitrary file writes, facilitating ingress of tools/malware directly to desired filesystem locations (T1105, T1608.001, T1608.002) for persistence, execution, or takeover.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0010: AI Supply Chain CompromiseAML.T0048: External Harms

Affected Assets

qdrant
qdrant
≤ 1.9.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

addresses: CWE-20

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References