CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8
https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-16 00:15

Updated : 2024-04-16 13:24

NVD link : CVE-2024-1646

Mitre link : CVE-2024-1646

CVE.ORG link : CVE-2024-1646

JSON object : View

Products Affected

No product.

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2024-1646", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-04-16T00:15:09.967", "references": [{"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."}, {"lang": "es", "value": "parisneo/lollms-webui es vulnerable a la omisi\u00f3n de autenticaci\u00f3n debido a una protecci\u00f3n insuficiente en los endpoints sensibles. La aplicaci\u00f3n verifica si el par\u00e1metro del host no es '0.0.0.0' para restringir el acceso, lo cual es inadecuado cuando la aplicaci\u00f3n est\u00e1 vinculada a una interfaz espec\u00edfica, lo que permite el acceso no autorizado a endpoints como '/restart_program', '/update_software', '/ check_update', '/start_recording' y '/stop_recording'. Esta vulnerabilidad puede provocar denegaci\u00f3n de servicio, desactivaci\u00f3n o anulaci\u00f3n no autorizada de grabaciones y potencialmente otros impactos si ciertas funciones est\u00e1n habilitadas en la configuraci\u00f3n."}], "lastModified": "2024-04-16T13:24:07.103", "sourceIdentifier": "security@huntr.dev"}