CVE-2024-2548 - OpenCVE

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lollms	Lollms Web Ui

Configuration 1 [-]

cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265
https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41

History

Thu, 17 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lollms Lollms lollms Web Ui
Weaknesses		CWE-22
CPEs		cpe:2.3:a:lollms:lollms_web_ui::::::::
Vendors & Products		Lollms Lollms lollms Web Ui
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:08:15.065Z

Updated: 2024-08-01T19:18:48.129Z

Reserved: 2024-03-15T21:59:38.552Z

Link: CVE-2024-2548

Vulnrichment

Updated: 2024-08-01T19:18:48.129Z

NVD

Status : Analyzed

Published: 2024-06-06T19:15:55.217

Modified: 2024-10-17T15:52:32.283

Link: CVE-2024-2548

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2548", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-15T21:59:38.552Z", "datePublished": "2024-06-06T18:08:15.065Z", "dateUpdated": "2024-08-01T19:18:48.129Z"}, "containers": {"cna": {"title": "Path Traversal in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:15.065Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "lessThan": "9.5", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41"}, {"url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-36 Absolute Path Traversal", "cweId": "CWE-36"}]}], "source": {"advisory": "65979513-db0d-46fd-9977-fcd73bcd8a41", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "parisneo", "product": "parisneo\\/lollms-webui", "cpes": ["cpe:2.3:a:parisneo:parisneo\\/lollms-webui:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "9.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T19:27:25.503954Z", "id": "CVE-2024-2548", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T19:35:13.160Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.129Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41", "tags": ["x_transferred"]}, {"url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41", "tags": ["x_transferred"]}, {"url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.129Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2548", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-07T19:27:25.503954Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:parisneo\\/lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "parisneo\\/lollms-webui", "versions": [{"status": "affected", "version": "0", "lessThan": "9.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T19:29:07.415Z"}}], "cna": {"title": "Path Traversal in parisneo/lollms-webui", "source": {"advisory": "65979513-db0d-46fd-9977-fcd73bcd8a41", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "9.5", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41"}, {"url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:15.065Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2548", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:18:48.129Z", "dateReserved": "2024-03-15T21:59:38.552Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:08:15.065Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7DA38B5-6496-47C5-88AF-17C4AF269B59", "versionEndExcluding": "9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro de los archivos `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` y `lollms_core/lollms/security.py`. Debido a la validaci\u00f3n inadecuada de las rutas de los archivos entre los entornos Windows y Linux utilizando `Path(path).is_absolute()`, los atacantes pueden aprovechar esta falla para leer cualquier archivo en el sistema. Este problema afecta a la \u00faltima versi\u00f3n de LoLLM que se ejecuta en la plataforma Windows. La vulnerabilidad se activa cuando un atacante env\u00eda una solicitud especialmente manipulada al endpoint `/user_infos/{path:path}`, permitiendo la lectura de archivos arbitrarios, como se demuestra con el archivo `win.ini`. El problema se solucion\u00f3 en la versi\u00f3n 9.5 del software."}], "id": "CVE-2024-2548", "lastModified": "2024-10-17T15:52:32.283", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:55.217", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-36"}], "source": "security@huntr.dev", "type": "Secondary"}]}