CVE-2024-2361

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2361
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, where the application fails to properly sanitize the `file://` protocol and other inputs, leading to arbitrary read and upload capabilities. Attackers can exploit this vulnerability by manipulating the `path` and `variant_name` parameters to achieve path traversal, allowing for the reading of arbitrary files and uploading files to arbitrary locations on the server. This vulnerability affects the latest version of parisneo/lollms-webui.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://huntr.com/bounties/cd383817-924a-445a-838e-d0c867c6a176
https://huntr.com/bounties/cd383817-924a-445a-838e-d0c867c6a176
Configurations

No configuration.

History

21 Nov 2024, 09:09

Type Values Removed Values Added
References () https://huntr.com/bounties/cd383817-924a-445a-838e-d0c867c6a176 - () https://huntr.com/bounties/cd383817-924a-445a-838e-d0c867c6a176 -
Summary
  • (es) Una vulnerabilidad en parisneo/lollms-webui permite la carga y lectura de archivos arbitrarios debido a una desinfección insuficiente de la entrada proporcionada por el usuario. Específicamente, el problema reside en la función `install_model()` dentro de `lollms_core/lollms/binding.py`, donde la aplicación no puede limpiar correctamente el protocolo `file://` y otras entradas, lo que genera capacidades de carga y lectura arbitrarias. Los atacantes pueden explotar esta vulnerabilidad manipulando los parámetros `path` y `variant_name` para lograr path traversal, lo que permite la lectura de archivos arbitrarios y la carga de archivos a ubicaciones arbitrarias en el servidor. Esta vulnerabilidad afecta a la última versión de parisneo/lollms-webui.

16 May 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-16 09:15

Updated : 2024-11-21 09:09

NVD link : CVE-2024-2361

Mitre link : CVE-2024-2361

CVE.ORG link : CVE-2024-2361

JSON object : View

Products Affected

No product.

CWE
CWE-29

Path Traversal: '\..\filename'


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024