CVE-2024-4328 - OpenCVE

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Parisneo	Lollms Web Ui

Configuration 1 [-]

cpe:2.3:a:parisneo:lollms_web_ui:9.6:*:*:*:*:*:*:*

References

Link	Resource
https://huntr.com/bounties/0f4faadf-ebca-4ef8-9d8a-66dbd849c0f8	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-10T07:27:09.072Z

Updated: 2024-06-10T12:18:56.901Z

Reserved: 2024-04-29T20:00:20.042Z

Link: CVE-2024-4328

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-10T08:15:51.730

Modified: 2024-06-12T19:33:00.527

Link: CVE-2024-4328

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4328", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-29T20:00:20.042Z", "datePublished": "2024-06-10T07:27:09.072Z", "dateUpdated": "2024-06-10T12:18:56.901Z"}, "containers": {"cna": {"title": "CSRF in clear_personality_files_list in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-10T07:27:09.072Z"}, "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/0f4faadf-ebca-4ef8-9d8a-66dbd849c0f8"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"}]}], "source": {"advisory": "0f4faadf-ebca-4ef8-9d8a-66dbd849c0f8", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "parisneo", "product": "lollms-webui", "cpes": ["cpe:2.3:a:parisneo:lollms-webui:9.6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T12:17:31.087611Z", "id": "CVE-2024-4328", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T12:18:56.901Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:parisneo:lollms_web_ui:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "525C477F-F133-44B9-A0BC-43C1080D35F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funci\u00f3n clear_personality_files_list de parisneo/lollms-webui v9.6. La vulnerabilidad surge del uso de una solicitud GET para borrar la lista de archivos de personalidad, que carece de la protecci\u00f3n CSRF adecuada. Esta falla permite a los atacantes enga\u00f1ar a los usuarios para que realicen acciones sin su consentimiento, como eliminar archivos importantes del sistema. El problema est\u00e1 presente en el manejo de solicitudes por parte de la aplicaci\u00f3n, lo que la hace susceptible a ataques CSRF que podr\u00edan llevar a la realizaci\u00f3n de acciones no autorizadas en nombre del usuario."}], "id": "CVE-2024-4328", "lastModified": "2024-06-12T19:33:00.527", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-10T08:15:51.730", "references": [{"source": "security@huntr.dev", "tags": ["Exploit"], "url": "https://huntr.com/bounties/0f4faadf-ebca-4ef8-9d8a-66dbd849c0f8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@huntr.dev", "type": "Primary"}]}