Server-Side Request Forgery
Veracode Vulnerability Database (VERACODE:47946)
Published: Jul 08, 2024 - 4:23 a.m. (2024-07-08 04:23:16)
Source: sca.analysiscenter.veracode.com
Tags: vulnerability, ssrf, localai, unauthorized access, lfi, http(s) servers

CVSS3: 5.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score: 6.4
Confidence: Low
EPSS: 0.002
Percentile: 53.0%

github.com/go-skynet/localai is vulnerable to Server-Side Request Forgery. The vulnerability is due to the /models/apply endpoint supporting both http(s):// and file:// schemes, which can lead to LFI. The attacker can exploit this vulnerability with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files.
