Exploit
CVE-2024-6673

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Oct 29, 2024 / Updated: 21d ago

CVSS 6.5 / EPSS 0.04% / Medium

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.

Impact

This vulnerability allows an attacker to trick a user into installing ComfyUI without their knowledge or consent. The primary impact is on the availability of the system, as it can cause a crash if the victim's device lacks sufficient capacity to handle the installation. There is no direct impact on confidentiality or integrity of data. The attack requires user interaction and can be executed remotely over a network. The CVSS base score for this vulnerability is 6.5, indicating a medium severity level.

Exploitation

One proof-of-concept exploit is available on huntr.com. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available for this vulnerability. The fix was committed to the GitHub repository (parisneo/lollms-webui) on November 1, 2024. The patch can be found at: https://github.com/parisneo/lollms-webui/commit/c1bb1ad19752aa7541675b398495eaf98fd589f1

Mitigation

To mitigate this vulnerability, consider the following recommendations:
1. Update the lollms_web_ui to version 10 or later, which contains the patch for this vulnerability.
2. If immediate updating is not possible, implement CSRF protection mechanisms for the `install_comfyui` endpoint, such as requiring a unique token or using POST requests instead of GET.
3. Educate users about the risks of clicking on untrusted links, especially those that might trigger installations or system changes.
4. Monitor system resources and implement safeguards to prevent unauthorized installations that could lead to system crashes.
5. Consider implementing Content Security Policies (CSP) to restrict the sources of content that can be loaded, which can help mitigate CSRF attacks.
6. Regularly review and update security practices to prevent similar vulnerabilities in the future.
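The following is an added example, not code from lollms-webui or from the linked patch. It models the two endpoint shapes the summary and recommendation 2 describe: a GET handler that takes no client ID (the pre-patch shape), beside a hardened handler that requires POST, an allowed `Origin`, and a per-session client ID compared in constant time. The `Request` class, `CsrfGuard`, the `session` cookie name, the `client_id` body field and the origin `http://app.local` are all assumptions made for this illustration; the real project's request objects and token handling may differ.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for a web framework request (constructed for this example)."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    json: dict = field(default_factory=dict)


class CsrfGuard:
    """Issues a per-session client ID and validates state-changing requests.

    Hypothetical helper; it is not the check lollms-webui actually ships.
    """

    def __init__(self, allowed_origins):
        self.allowed_origins = set(allowed_origins)
        self._client_ids = {}  # session id -> client ID (in-memory stand-in store)

    def issue_client_id(self, session_id):
        # The ID is unguessable and only readable by same-origin script, so a
        # cross-site page cannot learn it and include it in a forged request.
        token = secrets.token_urlsafe(32)
        self._client_ids[session_id] = token
        return token

    def check(self, request):
        """Return (ok, reason). All three layers must pass."""
        # 1. Browsers issue cross-site GETs through <img>, <a> and redirects
        #    without any script; state changes belong on POST.
        if request.method != "POST":
            return False, "state-changing endpoint requires POST"
        # 2. Origin is set by the browser and cannot be overridden by page script.
        origin = request.headers.get("Origin")
        if origin not in self.allowed_origins:
            return False, f"origin not allowed: {origin!r}"
        # 3. The supplied client ID must match the one issued to this session.
        expected = self._client_ids.get(request.cookies.get("session"))
        supplied = request.json.get("client_id")
        if expected is None or not isinstance(supplied, str):
            return False, "missing client_id"
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False, "client_id mismatch"
        return True, "ok"


def vulnerable_install_comfyui(request):
    """Models the pre-patch shape the advisory describes: GET with no client ID.

    Any page the victim's browser loads can trigger it with a plain cross-site
    GET, and the server cannot tell that request from a legitimate one.
    """
    if request.method != "GET":
        return 405, "method not allowed"
    return 200, "installation started"  # the heavy ComfyUI install would begin here


def hardened_install_comfyui(request, guard):
    """The same endpoint behind the guard: POST + allowed Origin + valid client ID."""
    ok, reason = guard.check(request)
    if not ok:
        return 403, reason
    return 200, "installation started"
```

The three checks are independent layers: switching to POST alone stops link- and image-triggered requests but not a cross-site form post, the `Origin` check stops that, and the client ID stops anything that reaches the handler without same-origin access to the issued token. A hardened handler should also refuse to start a second installation while one is running, since the availability impact here comes from the installation's resource use.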

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6673

Oct 29, 2024 at 1:15 PM
First Article

Feedly found the first article mentioning CVE-2024-6673.

Oct 29, 2024 at 1:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 29, 2024 at 1:22 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 29, 2024 at 5:39 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 30, 2024 at 10:18 AM
CVSS

A CVSS base score of 6.5 has been assigned.

Nov 1, 2024 at 8:40 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Nov 1, 2024 at 11:11 PM

Affected Systems

Lollms/lollms_web_ui

Exploits

https://huntr.com/bounties/a38f9a7d-b357-427d-adac-f9654d8c0e3c

Patches

github.com

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

News

CVE-2024-6673 Exploit
CVE Id: CVE-2024-6673. Published Date: 2024-11-01T20:37:00+00:00. Description as in the Summary above. inTheWild added a link to an exploit: https://huntr.com/bounties/a38f9a7d-b357-427d-adac-f9654d8c0e3c
NA - CVE-2024-6673 - A Cross-Site Request Forgery (CSRF)...
Description as in the Summary above.
CVE-2024-6673 | parisneo lollms-webui up to 9.8 lollms_comfyui.py cross-site request forgery
A vulnerability was found in parisneo lollms-webui up to 9.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file lollms_comfyui.py. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-6673. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-6673 - Lollms WebUI CSRF Vulnerability
CVE ID: CVE-2024-6673. Published: Oct. 29, 2024, 1:15 p.m. Description as in the Summary above.
CVE-2024-6673
Description as in the Summary above.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
