CVE-2024-6040

01.08.2024, 16:15

In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are susceptible to CSRF attacks and local attacks. An attacker can exploit this vulnerability to perform unauthorized actions on the victim's machine.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
@huntr_ai	CNA	4.4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Vendor	Product	Version
lollms	lollms_web_ui	9.8

𝑥

= Vulnerable software versions

Known Exploits!

https://huntr.com/bounties/ac0bbb1d-89aa-42ba-bc48-1b59bd16acc7

Common Weakness Enumeration

CWE-304 - Missing Critical Step in Authentication
The software implements an authentication technique, but it skips a step that weakens the technique.

References

https://huntr.com/bounties/ac0bbb1d-89aa-42ba-bc48-1b59bd16acc7