CVE-2024-2358 - Vulnerability Details - OpenCVE

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-16T09:03:45.397Z

Updated: 2024-08-01T19:11:53.476Z

Reserved: 2024-03-09T22:49:41.242Z

Link: CVE-2024-2358

Vulnrichment

Updated: 2024-08-01T19:11:53.476Z

NVD

Status : Awaiting Analysis

Published: 2024-05-16T09:15:09.800

Modified: 2024-11-21T09:09:35.293

Link: CVE-2024-2358

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2358", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-09T22:49:41.242Z", "datePublished": "2024-05-16T09:03:45.397Z", "dateUpdated": "2024-08-01T19:11:53.476Z"}, "containers": {"cna": {"title": "Path Traversal leading to Remote Code Execution in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:45.397Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-29 Path Traversal: '\\..\\filename'", "cweId": "CWE-29"}]}], "source": {"advisory": "b2771df3-be50-45bd-93c4-0974ce38bc22", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2358", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T15:53:53.050024Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:29:16.821Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.476Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.476Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2358", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T15:53:53.050024Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T15:55:25.666Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Path Traversal leading to Remote Code Execution in parisneo/lollms-webui", "source": {"advisory": "b2771df3-be50-45bd-93c4-0974ce38bc22", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-29", "description": "CWE-29 Path Traversal: '\\..\\filename'"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:45.397Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2358", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:11:53.476Z", "dateReserved": "2024-03-09T22:49:41.242Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-05-16T09:03:45.397Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui."}, {"lang": "es", "value": "Una vulnerabilidad de path traversal en el endpoint '/apply_settings' de parisneo/lollms-webui permite a los atacantes ejecutar c\u00f3digo arbitrario. La vulnerabilidad surge debido a una desinfecci\u00f3n insuficiente de la entrada proporcionada por el usuario en los ajustes de configuraci\u00f3n, espec\u00edficamente dentro del par\u00e1metro 'extensions'. Los atacantes pueden aprovechar esto manipulando un payload que incluya secuencias de path traversal relativo ('../../../'), lo que les permite navegar a directorios arbitrarios. Esta falla posteriormente permite que el servidor cargue y ejecute un archivo '__init__.py' malicioso, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. El problema afecta a la \u00faltima versi\u00f3n de parisneo/lollms-webui."}], "id": "CVE-2024-2358", "lastModified": "2024-11-21T09:09:35.293", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-05-16T09:15:09.800", "references": [{"source": "security@huntr.dev", "url": "https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-29"}], "source": "security@huntr.dev", "type": "Secondary"}]}