CVE-2024-4326 - OpenCVE

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e
https://huntr.com/bounties/2ab9f03d-0538-4317-be21-0748a079cbdd

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-16T09:03:47.208Z

Updated: 2024-06-05T19:09:14.040Z

Reserved: 2024-04-29T19:18:48.950Z

Link: CVE-2024-4326

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-16T09:15:16.887

Modified: 2024-05-16T13:03:05.353

Link: CVE-2024-4326

JSON object: View

Redhat Information

No data.

CWE

CWE-15

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4326", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-29T19:18:48.950Z", "datePublished": "2024-05-16T09:03:47.208Z", "dateUpdated": "2024-06-05T19:09:14.040Z"}, "containers": {"cna": {"title": "Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:47.208Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "lessThan": "9.5", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2ab9f03d-0538-4317-be21-0748a079cbdd"}, {"url": "https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-15 External Control of System or Configuration Setting", "cweId": "CWE-15"}]}], "source": {"advisory": "2ab9f03d-0538-4317-be21-0748a079cbdd", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "parisneo", "product": "lollms-webui", "cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "9.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T19:03:49.204166Z", "id": "CVE-2024-4326", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T19:09:14.040Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5."}, {"lang": "es", "value": "Una vulnerabilidad en las versiones parisneo/lollms-webui hasta 9.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario. La vulnerabilidad se debe a una protecci\u00f3n insuficiente de los endpoints `/apply_settings` y `/execute_code`. Los atacantes pueden eludir las protecciones configurando el host en localhost, habilitando la ejecuci\u00f3n de c\u00f3digo y deshabilitando la validaci\u00f3n de c\u00f3digo a trav\u00e9s del endpoint `/apply_settings`. Posteriormente, se pueden ejecutar comandos arbitrarios de forma remota a trav\u00e9s del endpoint `/execute_code`, aprovechando el retraso en la aplicaci\u00f3n de la configuraci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 9.5."}], "id": "CVE-2024-4326", "lastModified": "2024-05-16T13:03:05.353", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-05-16T09:15:16.887", "references": [{"source": "security@huntr.dev", "url": "https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/2ab9f03d-0538-4317-be21-0748a079cbdd"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}], "source": "security@huntr.dev", "type": "Primary"}]}