Lucene search

K
vulnrichmentGitHub_MVULNRICHMENT:CVE-2024-39688
HistoryJul 22, 2024 - 3:21 p.m.

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

2024-07-2215:21:18
CWE-22
GitHub_M
github.com
1
cve-2024-39688
fishaudio
bert-vits2
limited file write
webui_preprocess.py
generate_config
data_dir variable
config.json file
server vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

21.2%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.

CNA Affected

[
  {
    "vendor": "FishAudio",
    "product": "Bert-VITS2",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.3"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:fishaudio:bert-vits2:*:*:*:*:*:*:*:*"
    ],
    "vendor": "fishaudio",
    "product": "bert-vits2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

21.2%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-39688