CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.
Configurations

No configuration.

History

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8 - () https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8 -
References () https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba - () https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba -

16 Apr 2024, 13:24

Type Values Removed Values Added
Summary
  • (es) parisneo/lollms-webui es vulnerable a la omisión de autenticación debido a una protección insuficiente en los endpoints sensibles. La aplicación verifica si el parámetro del host no es '0.0.0.0' para restringir el acceso, lo cual es inadecuado cuando la aplicación está vinculada a una interfaz específica, lo que permite el acceso no autorizado a endpoints como '/restart_program', '/update_software', '/ check_update', '/start_recording' y '/stop_recording'. Esta vulnerabilidad puede provocar denegación de servicio, desactivación o anulación no autorizada de grabaciones y potencialmente otros impactos si ciertas funciones están habilitadas en la configuración.

16 Apr 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-16 00:15

Updated : 2024-11-21 08:50


NVD link : CVE-2024-1646

Mitre link : CVE-2024-1646

CVE.ORG link : CVE-2024-1646


JSON object : View

Products Affected

No product.

CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel