Exploit
CVE-2024-6985

Relative Path Traversal (CWE-23)

Published: Oct 11, 2024 / Updated: 39d ago

CVSS 4.4 / EPSS 0.04% / Medium

Summary

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.

Impact

This vulnerability could allow an attacker to read sensitive files from the victim's computer by exploiting the path traversal vulnerability in the api open_personality_folder endpoint. The attacker could potentially access confidential information, system files, or other sensitive data stored on the affected system, bypassing intended access restrictions. The confidentiality impact is considered HIGH, while integrity and availability impacts are NONE. The vulnerability has a CVSS v3.1 base score of 4.4, indicating a MEDIUM severity.

Exploitation

One proof-of-concept exploit is available on huntr.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. The GitHub Advisory for this vulnerability was published on 2024-10-11. The vulnerability affects lollms versions prior to 5.9.0. A fix has been implemented in the GitHub repository with commit 28ee567a9a120967215ff19b96ab7515ce469620.

Mitigation

1. Update to lollms version 5.9.0 or later that includes the patch for this vulnerability.
2. Implement strict input validation and sanitization for the personality_folder parameter in the api open_personality_folder endpoint.
3. Apply the principle of least privilege to limit access to sensitive directories and files.
4. Use a web application firewall (WAF) to help detect and block path traversal attempts.
5. Regularly audit and review the application's file access mechanisms to ensure proper security controls are in place.
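A containment check of the kind mitigation 2 calls for, as an added example that is not code from lollms or its patch. The names `resolve_inside` and `PathEscapeError`, the `personalities` root, and all inputs are hypothetical and constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """The requested folder resolves outside the allowed root."""


def resolve_inside(root: Path, requested: str) -> Path:
    """Return the resolved folder for `requested`, or raise if it leaves `root`.

    The test runs on the resolved path (".." collapsed, symlinks followed),
    not on the raw string the client sent.
    """
    root_real = root.resolve(strict=True)
    # An absolute `requested` replaces root_real in the join; the containment
    # test below then rejects it like any other outside path.
    candidate = (root_real / requested).resolve(strict=False)
    try:
        # Component-wise, so a sibling that merely shares the prefix fails.
        candidate.relative_to(root_real)
    except ValueError:
        raise PathEscapeError(f"{requested!r} resolves outside the root") from None
    if not candidate.is_dir():
        raise PathEscapeError(f"{requested!r} is not an existing folder")
    return candidate


def demo() -> dict:
    """Classify constructed inputs against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "personalities"            # hypothetical allowed root
        (root / "generic" / "assistant").mkdir(parents=True)
        (base / "personalities_backup").mkdir()  # sibling sharing the prefix
        (base / "private").mkdir()
        os.symlink(base / "private", root / "link")  # symlink leaving the root
        cases = {"subfolder": "generic/assistant", "dotdot": "../private",
                 "absolute": str(base / "private"), "symlink": "link",
                 "sibling_prefix": "../personalities_backup"}
        results = {}
        for label, value in cases.items():
            try:
                resolve_inside(root, value)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "rejected"
        return results
```

The decision is made on the resolved path, so a string-level filter on the parameter is not what the endpoint relies on.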

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6985

Oct 11, 2024 at 4:15 PM
First Article

Feedly found the first article mentioning CVE-2024-6985.

Oct 11, 2024 at 4:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 11, 2024 at 4:21 PM
Vendor Advisory

GitHub Advisories released a security advisory.

Oct 11, 2024 at 6:32 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 12, 2024 at 10:02 AM
Threat Intelligence Report

CVE-2024-6985 is a path traversal vulnerability in the api open_personality_folder endpoint of parisneo/lollms-webui, allowing attackers to read arbitrary files on a victim's computer due to improper sanitization of the personality_folder parameter; it has a CVSS score estimated as MEDIUM. Currently, there is no evidence of exploitation in the wild or public proof-of-concept exploits. A patch is available, and mitigations include strict input validation, applying the principle of least privilege, and using a web application firewall.

Oct 13, 2024 at 1:48 AM
CVSS

A CVSS base score of 4.4 has been assigned.

Nov 15, 2024 at 5:15 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Nov 15, 2024 at 8:10 PM

Affected Systems

Lollms/lollms

Exploits

https://huntr.com/bounties/79c11579-47d8-4e68-8466-b47c3bf5ef6a

Patches

GitHub Advisory

Attack Patterns

CAPEC-139: Relative Path Traversal

Vendor Advisory

[GHSA-6h64-g7cj-hj56] Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
GitHub Security Advisory: GHSA-6h64-g7cj-hj56
Release Date: 2024-10-11
Update Date: 2024-10-11
Severity: Moderate
CVE-2024-6985
Package Information
Package: lollms
Affected Versions:
Patched Versions: None
Description
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.

News

CVE-2024-6985 Exploit
CVE Id : CVE-2024-6985 Published Date: 2024-11-15T17:10:00+00:00 A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. inTheWild added a link to an exploit: https://huntr.com/bounties/79c11579-47d8-4e68-8466-b47c3bf5ef6a
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
CVE Alert: CVE-2024-6985 - https://www.redpacketsecurity.com/cve_alert_cve-2024-6985/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_6985
CVE Alert: CVE-2024-6985
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
CVE-2024-6985
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. Severity 3.1 (CVSS 3.1 Base Score)

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
