PT-2024-25156 · Parisneo · Lollms-Webui
Published 2024-06-06 · Updated 2024-10-17 · CVE-2024-3322
Score: 9.8 (Critical)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
parisneo/lollms-webui versions up to 9.5
Description:
A path traversal vulnerability exists in the 'cyber security/codeguard' native personality, arising from the improper limitation of a pathname to a restricted directory in the 'process folder' function within 'lollms-webui/zoos/personalities zoo/cyber security/codeguard/scripts/processor.py'. The function fails to properly sanitize user-supplied input for the `code folder path`, allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation.
Recommendations:
- As a temporary workaround, consider disabling the `process folder` function until a patch is available.
- Restrict access to the `cyber security/codeguard` native personality to minimize the risk of exploitation.
- Avoid using the `code folder path` variable in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
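As an added illustration, not code from lollms-webui or its patch commit: a confined stand-in for a `process folder` routine that canonicalises the user-supplied `code folder path` under one allowed root and rejects `../`, absolute-path and symlink escapes before touching the filesystem. The function names, the allowed root and the sandbox layout built in `demo()` are assumptions, and the symlink case assumes a POSIX filesystem.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List


class PathEscapeError(ValueError):
    """Raised when a requested code folder resolves outside the allowed root."""


def resolve_code_folder(user_path: str, allowed_root: str) -> Path:
    """Canonicalise user_path under allowed_root and reject any escape.

    Absolute input is refused before joining, because Path(root) / "/etc"
    silently discards root; resolve() then collapses '..' and symlinks.
    """
    if os.path.isabs(user_path) or os.path.splitdrive(user_path)[0]:
        raise PathEscapeError(f"absolute path refused: {user_path!r}")
    root = Path(allowed_root).resolve()
    candidate = (root / user_path).resolve()
    try:
        contained = os.path.commonpath([str(root), str(candidate)]) == str(root)
    except ValueError:  # paths on different drives share no common prefix
        contained = False
    if not contained:
        raise PathEscapeError(f"{user_path!r} resolves to {candidate}, outside {root}")
    if not candidate.is_dir():
        raise FileNotFoundError(f"{candidate} is not a directory")
    return candidate


def process_folder(user_path: str, allowed_root: str) -> List[str]:
    """Hypothetical safe 'process folder': list the .py files in the confined folder."""
    folder = resolve_code_folder(user_path, allowed_root)
    return sorted(p.name for p in folder.iterdir() if p.suffix == ".py")


def demo() -> Dict[str, str]:
    """Constructed layout: base/projects is the allowed root, base/secret is outside it."""
    base = Path(tempfile.mkdtemp())
    root = base / "projects"
    (root / "app").mkdir(parents=True)
    (root / "app" / "main.py").write_text("print('hello')\n")
    (base / "secret").mkdir()
    (base / "secret" / "key.py").write_text("TOKEN = 'constructed'\n")
    (root / "link").symlink_to(base / "secret")  # symlink pointing outside the root
    results: Dict[str, str] = {}
    for requested in ["app", "../secret", str(base / "secret"), "link"]:
        try:
            results[requested] = ",".join(process_folder(requested, str(root)))
        except PathEscapeError:
            results[requested] = "rejected"
    return results
```

Only the in-root request `app` yields a file listing; the `../` request, the absolute path and the symlink that points outside the root are all refused before any directory is read.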
Exploit: Path traversal
References · 7
- https://huntr.com/bounties/e0822362-033a-4a71-b1dc-d803f03bd427 · Exploit
- https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189 · Patch
- https://nvd.nist.gov/vuln/detail/CVE-2024-3322 · Security Note
- https://osv.dev/vulnerability/CVE-2024-3322 · Vendor Advisory
- https://twitter.com/CVEnew/status/1798789763001942435 · Twitter Post
- https://twitter.com/CveFindCom/status/1798792282851746273 · Twitter Post
- https://t.me/cvenotify/98666 · Telegram Post