CVE-2024-3121 - OpenCVE

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lollms	Lollms

Configuration 1 [-]

cpe:2.3:a:lollms:lollms:5.9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b

History

Fri, 13 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lollms Lollms lollms
Weaknesses		CWE-78
CPEs		cpe:2.3:a:lollms:lollms:5.9.0:::::::*
Vendors & Products		Lollms Lollms lollms
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-24T00:00:14.165Z

Updated: 2024-08-01T19:32:42.719Z

Reserved: 2024-03-31T19:18:08.417Z

Link: CVE-2024-3121

Vulnrichment

Updated: 2024-08-01T19:32:42.719Z

NVD

Status : Analyzed

Published: 2024-06-24T00:15:09.680

Modified: 2024-09-13T15:44:28.723

Link: CVE-2024-3121

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3121", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-31T19:18:08.417Z", "datePublished": "2024-06-24T00:00:14.165Z", "dateUpdated": "2024-08-01T19:32:42.719Z"}, "containers": {"cna": {"title": "Remote Code Execution in create_conda_env function in parisneo/lollms", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-24T00:00:14.165Z"}, "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code", "cweId": "CWE-94"}]}], "source": {"advisory": "db57c343-9b80-4c1c-9ab0-9eef92c9b27b", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "parisneo", "product": "lollms", "cpes": ["cpe:2.3:a:parisneo:lollms:5.9.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.9.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:04:19.373838Z", "id": "CVE-2024-3121", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T18:08:19.314Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.719Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.719Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3121", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T19:04:19.373838Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms:5.9.0:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms", "versions": [{"status": "affected", "version": "5.9.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:32:50.768Z"}}], "cna": {"title": "Remote Code Execution in create_conda_env function in parisneo/lollms", "source": {"advisory": "db57c343-9b80-4c1c-9ab0-9eef92c9b27b", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b"}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-24T00:00:14.165Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3121", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.719Z", "dateReserved": "2024-03-31T19:18:08.417Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-24T00:00:14.165Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B09904C7-405C-45C7-A1CA-768AAF169132", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la funci\u00f3n create_conda_env del repositorio parisneo/lollms, versi\u00f3n 5.9.0. La vulnerabilidad surge del uso de shell=True en la funci\u00f3n subprocess.Popen, que permite a un atacante inyectar comandos arbitrarios manipulando los par\u00e1metros env_name y python_version. Este problema podr\u00eda provocar una grave violaci\u00f3n de la seguridad, como lo demuestra la capacidad de ejecutar el comando \"whoami\" entre otros comandos potencialmente da\u00f1inos."}], "id": "CVE-2024-3121", "lastModified": "2024-09-13T15:44:28.723", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-24T00:15:09.680", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@huntr.dev", "type": "Secondary"}]}