CVE-2024-1646 - Vulnerability Details - OpenCVE

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8
https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-16T00:00:14.201Z

Updated: 2024-08-01T18:48:20.668Z

Reserved: 2024-02-19T21:27:04.120Z

Link: CVE-2024-1646

Vulnrichment

Updated: 2024-08-01T18:48:20.668Z

NVD

Status : Awaiting Analysis

Published: 2024-04-16T00:15:09.967

Modified: 2024-11-21T08:50:59.783

Link: CVE-2024-1646

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1646", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-19T21:27:04.120Z", "datePublished": "2024-04-16T00:00:14.201Z", "dateUpdated": "2024-08-01T18:48:20.668Z"}, "containers": {"cna": {"title": "Authentication Bypass in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:34.706Z"}, "descriptions": [{"lang": "en", "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "lessThan": "9.3", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"}, {"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288"}]}], "source": {"advisory": "2f769c46-aa85-4ab8-8b08-fe791313b7ba", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1646", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T19:18:33.557762Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:59:30.637Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:20.668Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba", "tags": ["x_transferred"]}, {"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba", "tags": ["x_transferred"]}, {"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:20.668Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1646", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T19:18:33.557762Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T19:17:45.575Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Authentication Bypass in parisneo/lollms-webui", "source": {"advisory": "2f769c46-aa85-4ab8-8b08-fe791313b7ba", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "9.3", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"}, {"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"}], "descriptions": [{"lang": "en", "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:34.706Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1646", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:48:20.668Z", "dateReserved": "2024-02-19T21:27:04.120Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-16T00:00:14.201Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."}, {"lang": "es", "value": "parisneo/lollms-webui es vulnerable a la omisi\u00f3n de autenticaci\u00f3n debido a una protecci\u00f3n insuficiente en los endpoints sensibles. La aplicaci\u00f3n verifica si el par\u00e1metro del host no es '0.0.0.0' para restringir el acceso, lo cual es inadecuado cuando la aplicaci\u00f3n est\u00e1 vinculada a una interfaz espec\u00edfica, lo que permite el acceso no autorizado a endpoints como '/restart_program', '/update_software', '/ check_update', '/start_recording' y '/stop_recording'. Esta vulnerabilidad puede provocar denegaci\u00f3n de servicio, desactivaci\u00f3n o anulaci\u00f3n no autorizada de grabaciones y potencialmente otros impactos si ciertas funciones est\u00e1n habilitadas en la configuraci\u00f3n."}], "id": "CVE-2024-1646", "lastModified": "2024-11-21T08:50:59.783", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-04-16T00:15:09.967", "references": [{"source": "security@huntr.dev", "url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@huntr.dev", "type": "Secondary"}]}