CVE-2024-6394 (GCVE-0-2024-6394)

Vulnerability from cvelistv5 – Published: 2024-09-30 08:09 – Updated: 2024-10-01 14:30
VLAI?
Summary
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.
Severity ?
7.5 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-29 - Path Traversal: '\..\filename'
Assigner
References
Impacted products
Vendor Product Version
parisneo parisneo/lollms-webui Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lollms-webui",
            "vendor": "parisneo",
            "versions": [
              {
                "lessThan": "9.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6394",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T14:28:46.072497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T14:30:23.314Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parisneo/lollms-webui",
          "vendor": "parisneo",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-29",
              "description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-30T08:09:10.169Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf"
        }
      ],
      "source": {
        "advisory": "6df4f990-b632-4791-b3ea-f40c9ea905bf",
        "discovery": "EXTERNAL"
      },
      "title": "Local File Inclusion in parisneo/lollms-webui"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6394",
    "datePublished": "2024-09-30T08:09:10.169Z",
    "dateReserved": "2024-06-27T17:33:06.404Z",
    "dateUpdated": "2024-10-01T14:30:23.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de inclusi\\u00f3n de archivos locales en las versiones de parisneo/lollms-webui anteriores a la v9.8. La vulnerabilidad se debe a una concatenaci\\u00f3n de rutas no verificada en la funci\\u00f3n `serve_js` en `app.py`, que permite a los atacantes realizar ataques de path traversal. Esto puede provocar un acceso no autorizado a archivos arbitrarios en el servidor, lo que podr\\u00eda exponer informaci\\u00f3n confidencial, como claves SSH privadas, archivos de configuraci\\u00f3n y c\\u00f3digo fuente.\"}]",
      "id": "CVE-2024-6394",
      "lastModified": "2024-09-30T12:45:57.823",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-09-30T08:15:03.850",
      "references": "[{\"url\": \"https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf\", \"source\": \"security@huntr.dev\"}]",
      "sourceIdentifier": "security@huntr.dev",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-29\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6394\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-09-30T08:15:03.850\",\"lastModified\":\"2025-07-09T14:18:48.220\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de inclusi\u00f3n de archivos locales en las versiones de parisneo/lollms-webui anteriores a la v9.8. La vulnerabilidad se debe a una concatenaci\u00f3n de rutas no verificada en la funci\u00f3n `serve_js` en `app.py`, que permite a los atacantes realizar ataques de path traversal. Esto puede provocar un acceso no autorizado a archivos arbitrarios en el servidor, lo que podr\u00eda exponer informaci\u00f3n confidencial, como claves SSH privadas, archivos de configuraci\u00f3n y c\u00f3digo fuente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-29\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lollms:lollms_web_ui:9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9177E7C-9C27-4C3C-AC97-7F277FEEC725\"}]}]}],\"references\":[{\"url\":\"https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6394\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-01T14:28:46.072497Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*\"], \"vendor\": \"parisneo\", \"product\": \"lollms-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"9.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-01T14:30:19.389Z\"}}], \"cna\": {\"title\": \"Local File Inclusion in parisneo/lollms-webui\", \"source\": {\"advisory\": \"6df4f990-b632-4791-b3ea-f40c9ea905bf\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"parisneo\", \"product\": \"parisneo/lollms-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"latest\"}]}], \"references\": [{\"url\": \"https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-29\", \"description\": \"CWE-29 Path Traversal: \u0027\\\\..\\\\filename\u0027\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2024-09-30T08:09:10.169Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6394\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-01T14:30:23.314Z\", \"dateReserved\": \"2024-06-27T17:33:06.404Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2024-09-30T08:09:10.169Z\", \"assignerShortName\": \"@huntr_ai\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.