Path Traversal in Dify Plugin Daemon API Access

Dify versions 1.14.1 and earlier contain a critical path traversal vulnerability in the Plugin Daemon's internal REST API that allows authenticated users to escape their authorized tenant boundaries. By exploiting insufficient URL path sanitization—specifically through unencoded dot sequences in task identifiers or manipulated filename parameters—attackers can access restricted internal endpoints including debug interfaces. This vulnerability is particularly dangerous because it requires only knowledge of the victim tenant's UUID, meaning any authenticated user within a Dify instance could potentially pivot to access sensitive administrative or debugging functionality they shouldn't have permission to reach. Organizations running Dify Cloud or self-hosted instances with multiple tenants face significant risk of unauthorized data exposure and system compromise.

While no direct MITRE ATT&CK techniques are mapped to this CVE, Casky's 754 security skills leverage Claude's extended reasoning to detect the attack patterns underlying path traversal exploits. Practitioners using Casky would identify suspicious activity through detection of CWE-23 violations: anomalous URL encoding patterns, repeated attempts with dot-dot-slash sequences or percent-encoded variants, and requests targeting endpoints outside the user's authorized tenant path. Security teams would see findings flagged on abnormal API request structures, unusual access attempts to debug endpoints, and lateral movement indicators within tenant hierarchies. By correlating authentication logs with API request patterns, Casky helps practitioners spot the reconnaissance and privilege escalation attempts that precede successful exploitation, enabling defense before an attacker gains access to sensitive debugging capabilities or cross-tenant data.