Lucene search

@huntr_aiVULNRICHMENT:CVE-2024-6139

HistoryJun 27, 2024 - 6:45 p.m.

CVE-2024-6139 Path Traversal in parisneo/lollms

2024-06-2718:45:54

CWE-29

@huntr_ai

github.com

cve-2024-6139

path traversal

parisneo/lollms

xtts server

version v9.6

audio files

improper validation

user-provided file paths

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.9

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the tts_to_file endpoint.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:parisneo:lollms-webui:9.6:*:*:*:*:*:*:*"
    ],
    "vendor": "parisneo",
    "product": "lollms-webui",
    "versions": [
      {
        "status": "affected",
        "version": "9.6",
        "versionType": "custom",
        "lessThanOrEqual": "9.8"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.9

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-6139