CVE-2024-5182 (GCVE-0-2024-5182)
Vulnerability from cvelistv5 – Published: 2024-06-19 23:30 – Updated: 2024-08-01 21:03
VLAI?
Title
Path Traversal in mudler/localai
Summary
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mudler | mudler/localai |
Affected:
unspecified , < 2.16.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mudler:localai:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "localai",
"vendor": "mudler",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5182",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T16:14:16.413630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T16:15:08.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mudler/localai",
"vendor": "mudler",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T23:30:38.219Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545"
},
{
"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e"
}
],
"source": {
"advisory": "f7a87f29-c22a-48e8-9fce-b6d5a273e545",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in mudler/localai"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-5182",
"datePublished": "2024-06-19T23:30:38.219Z",
"dateReserved": "2024-05-21T18:08:53.150Z",
"dateUpdated": "2024-08-01T21:03:10.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.16.0\", \"matchCriteriaId\": \"82A38415-0349-46CD-850C-677CDDDC7DAD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de path traversal en mudler/localai versi\\u00f3n 2.14.0, donde un atacante puede explotar el par\\u00e1metro `model` durante el proceso de eliminaci\\u00f3n del modelo para eliminar archivos arbitrarios. Espec\\u00edficamente, al elaborar una solicitud con un par\\u00e1metro \\\"modelo\\\" manipulado, un atacante puede atravesar la estructura del directorio y apuntar a archivos fuera del directorio deseado, lo que lleva a la eliminaci\\u00f3n de datos confidenciales. Esta vulnerabilidad se debe a una validaci\\u00f3n de entrada y una sanitizaci\\u00f3n insuficientes del par\\u00e1metro \\\"modelo\\\".\"}]",
"id": "CVE-2024-5182",
"lastModified": "2024-11-21T09:47:08.590",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-06-20T00:15:09.487",
"references": "[{\"url\": \"https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e\", \"source\": \"security@huntr.dev\", \"tags\": [\"Patch\"]}, {\"url\": \"https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\"]}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5182\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-06-20T00:15:09.487\",\"lastModified\":\"2024-11-21T09:47:08.590\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de path traversal en mudler/localai versi\u00f3n 2.14.0, donde un atacante puede explotar el par\u00e1metro `model` durante el proceso de eliminaci\u00f3n del modelo para eliminar archivos arbitrarios. Espec\u00edficamente, al elaborar una solicitud con un par\u00e1metro \\\"modelo\\\" manipulado, un atacante puede atravesar la estructura del directorio y apuntar a archivos fuera del directorio deseado, lo que lleva a la eliminaci\u00f3n de datos confidenciales. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada y una sanitizaci\u00f3n insuficientes del par\u00e1metro \\\"modelo\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"82A38415-0349-46CD-850C-677CDDDC7DAD\"}]}]}],\"references\":[{\"url\":\"https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:03:10.990Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5182\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-20T16:14:16.413630Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mudler:localai:0:*:*:*:*:*:*:*\"], \"vendor\": \"mudler\", \"product\": \"localai\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.16.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-20T16:15:02.109Z\"}}], \"cna\": {\"title\": \"Path Traversal in mudler/localai\", \"source\": {\"advisory\": \"f7a87f29-c22a-48e8-9fce-b6d5a273e545\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mudler\", \"product\": \"mudler/localai\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.16.0\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545\"}, {\"url\": \"https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2024-06-19T23:30:38.219Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5182\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:03:10.990Z\", \"dateReserved\": \"2024-05-21T18:08:53.150Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2024-06-19T23:30:38.219Z\", \"assignerShortName\": \"@huntr_ai\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…