CVE-2024-2362 - OpenCVE

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lollms	Lollms Web Ui

Configuration 1 [-]

OR	cpe:2.3:a:lollms:lollms_web_ui:9.3:::::linux::
	cpe:2.3:a:lollms:lollms_web_ui:9.3:::::windows::

No data.

References

Link	Providers
https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba

History

Thu, 17 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lollms Lollms lollms Web Ui
Weaknesses		CWE-22
CPEs		cpe:2.3:a:lollms:lollms_web_ui:9.3:::::linux:: cpe:2.3:a:lollms:lollms_web_ui:9.3:::::windows::
Vendors & Products		Lollms Lollms lollms Web Ui
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:08:14.865Z

Updated: 2024-08-01T19:11:53.464Z

Reserved: 2024-03-10T00:21:52.094Z

Link: CVE-2024-2362

Vulnrichment

Updated: 2024-08-01T19:11:53.464Z

NVD

Status : Analyzed

Published: 2024-06-06T19:15:54.767

Modified: 2024-10-17T15:54:17.573

Link: CVE-2024-2362

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2362", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-10T00:21:52.094Z", "datePublished": "2024-06-06T18:08:14.865Z", "dateUpdated": "2024-08-01T19:11:53.464Z"}, "containers": {"cna": {"title": "Path Traversal in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:14.865Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-36 Absolute Path Traversal", "cweId": "CWE-36"}]}], "source": {"advisory": "2433d0a4-9ba0-474b-be1a-6fd5019770ba", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "parisneo", "product": "lollms-webui", "cpes": ["cpe:2.3:a:parisneo:lollms-webui:9.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T19:40:29.436955Z", "id": "CVE-2024-2362", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T19:42:03.438Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.464Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.464Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2362", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T19:40:29.436955Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:9.3:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "9.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T19:41:51.437Z"}}], "cna": {"title": "Path Traversal in parisneo/lollms-webui", "source": {"advisory": "2433d0a4-9ba0-474b-be1a-6fd5019770ba", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:14.865Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2362", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:11:53.464Z", "dateReserved": "2024-03-10T00:21:52.094Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:08:14.865Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.3:*:*:*:*:linux:*:*", "matchCriteriaId": "E666F6FD-3676-45F0-B9AD-8F379DD828E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.3:*:*:*:*:windows:*:*", "matchCriteriaId": "8141A73F-A080-4E27-9C0B-6F8EA1CD0BC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en parisneo/lollms-webui versi\u00f3n 9.3 en la plataforma Windows. Debido a una validaci\u00f3n inadecuada de las rutas de los archivos entre los entornos Windows y Linux, un atacante puede aprovechar esta vulnerabilidad para eliminar cualquier archivo del sistema. El problema surge de la falta de una sanitizaci\u00f3n adecuada de la entrada proporcionada por el usuario en el endpoint 'del_preset', donde la aplicaci\u00f3n no logra evitar el uso de rutas absolutas o secuencias de directory traversal ('..'). Como resultado, un atacante puede enviar una solicitud especialmente manipulada al endpoint 'del_preset' para eliminar archivos fuera del directorio deseado."}], "id": "CVE-2024-2362", "lastModified": "2024-10-17T15:54:17.573", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:54.767", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-36"}], "source": "security@huntr.dev", "type": "Secondary"}]}