Lucene search

GitHub Advisory DatabaseGHSA-9CHM-M6X2-6FVC

HistoryJun 27, 2024 - 9:32 p.m.

lollms vulnerable to path traversal due to unauthenticated root folder settings change

2024-06-2721:32:08

CWE-22

GitHub Advisory Database

github.com

lollms

path traversal

xtts server

v9.6

unauthenticated

root folder

settings

change

vulnerability

arbitrary files

audio files

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

Confidence

High

JSON

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to ‘/’. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.

Affected configurations

Vulners

Node

lollmslollmsRange≤9.5.1

VendorProductVersionCPE
lollmslollms*cpe:2.3:a:lollms:lollms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lollms	lollms	*	cpe:2.3:a:lollms:lollms::::::::

References

github.com/advisories/GHSA-9chm-m6x2-6fvc

huntr.com/bounties/d2fb73d7-4b4f-451a-8763-484c189a27fe

nvd.nist.gov/vuln/detail/CVE-2024-6085

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

Confidence

High

JSON

Related for GHSA-9CHM-M6X2-6FVC