{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5182", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-05-21T18:08:53.150Z", "datePublished": "2024-06-19T23:30:38.219Z", "dateUpdated": "2024-08-01T21:03:10.990Z"}, "containers": {"cna": {"title": "Path Traversal in mudler/localai", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-19T23:30:38.219Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter."}], "affected": [{"vendor": "mudler", "product": "mudler/localai", "versions": [{"version": "unspecified", "lessThan": "2.16.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545"}, {"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "source": {"advisory": "f7a87f29-c22a-48e8-9fce-b6d5a273e545", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "mudler", "product": "localai", "cpes": ["cpe:2.3:a:mudler:localai:0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.16.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T16:14:16.413630Z", "id": "CVE-2024-5182", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T16:15:08.227Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:10.990Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545", "tags": ["x_transferred"]}, {"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545", "tags": ["x_transferred"]}, {"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:10.990Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5182", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T16:14:16.413630Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mudler:localai:0:*:*:*:*:*:*:*"], "vendor": "mudler", "product": "localai", "versions": [{"status": "affected", "version": "0", "lessThan": "2.16.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T16:15:02.109Z"}}], "cna": {"title": "Path Traversal in mudler/localai", "source": {"advisory": "f7a87f29-c22a-48e8-9fce-b6d5a273e545", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "mudler", "product": "mudler/localai", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "2.16.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545"}, {"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-19T23:30:38.219Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5182", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:03:10.990Z", "dateReserved": "2024-05-21T18:08:53.150Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-19T23:30:38.219Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*", "matchCriteriaId": "82A38415-0349-46CD-850C-677CDDDC7DAD", "versionEndExcluding": "2.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en mudler/localai versi\u00f3n 2.14.0, donde un atacante puede explotar el par\u00e1metro `model` durante el proceso de eliminaci\u00f3n del modelo para eliminar archivos arbitrarios. Espec\u00edficamente, al elaborar una solicitud con un par\u00e1metro \"modelo\" manipulado, un atacante puede atravesar la estructura del directorio y apuntar a archivos fuera del directorio deseado, lo que lleva a la eliminaci\u00f3n de datos confidenciales. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada y una sanitizaci\u00f3n insuficientes del par\u00e1metro \"modelo\"."}], "id": "CVE-2024-5182", "lastModified": "2024-08-27T17:30:21.127", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-20T00:15:09.487", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}