Lucene search

K
cve[email protected]CVE-2024-24566
HistoryJan 31, 2024 - 5:15 p.m.

CVE-2024-24566

2024-01-3117:15:39
CWE-284
web.nvd.nist.gov
11
lobe chat
chatbot
framework
unauthorized access
plugins
password protection
vulnerability
patch
nvd
cve-2024-24566

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.

Affected configurations

Vulners
NVD
Node
lobehublobe_chatRange<0.122.4
VendorProductVersionCPE
lobehublobe_chat*cpe:2.3:a:lobehub:lobe_chat:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "lobehub",
    "product": "lobe-chat",
    "versions": [
      {
        "version": "< 0.122.4",
        "status": "affected"
      }
    ]
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Related for CVE-2024-24566