PT-2024-37791 · Unknown · Lollms-Webui

Published: 2024-10-29 · Updated: 2024-11-02 · CVE-2024-6674

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: lollms-webui versions prior to 10

Description: A CORS misconfiguration allows attackers to steal sensitive information, such as logs, browser sessions, and settings containing private API keys from other services. This issue can also enable attackers to perform actions on behalf of a user, including deleting a project or sending a message, impacting the confidentiality and integrity of the information.

Recommendations: For versions prior to 10, update to version 10 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to prevent unauthorized actions on behalf of a user.

Exploit

Fix

Weakness Enumeration: Origin Validation Error

Related Identifiers: CVE-2024-6674

Affected Products: Lollms-Webui