Plattform
docker
Komponente
mudler/localai
Behoben in
2.16.0
CVE-2024-5182 describes a path traversal vulnerability discovered in localai versions up to 2.16.0. This flaw allows an attacker to delete arbitrary files on the system by exploiting the model parameter during the model deletion process. Successful exploitation can result in the loss of sensitive data and compromise system integrity. The vulnerability has been addressed with the release of version 2.16.0.
The path traversal vulnerability in localai allows an attacker to bypass intended directory restrictions and delete files outside of the expected scope. By crafting a malicious request with a manipulated model parameter, an attacker can traverse the file system and target sensitive data, configuration files, or even critical system files. The impact can range from data exfiltration and denial of service to complete system takeover, depending on the permissions of the user account running the localai process. This vulnerability shares similarities with other path traversal exploits where insufficient input validation leads to unauthorized file access and modification.
CVE-2024-5182 was publicly disclosed on 2024-06-19. The EPSS score is currently pending evaluation. No public proof-of-concept (PoC) code has been publicly released as of this writing, but the vulnerability's nature makes it likely that a PoC will emerge. It is not currently listed on the CISA KEV catalog.
Organizations deploying localai in production environments, particularly those using older versions (≤2.16.0), are at risk. Shared hosting environments where multiple users share the same localai instance are also vulnerable, as an attacker could potentially exploit the vulnerability to delete files belonging to other users. Users relying on localai for critical data processing or storage should prioritize patching.
• docker: Inspect running containers for localai versions prior to 2.16.0 using docker ps and docker exec -it <container_id> localai --version.
• file system: Monitor file system activity for unexpected file deletions, particularly in directories containing sensitive data. Use tools like inotifywait (Linux) or file integrity monitoring solutions.
• network: Monitor network traffic for suspicious requests targeting the model deletion endpoint with unusual or manipulated parameters. Use tools like Wireshark or tcpdump.
• logs: Examine localai application logs for error messages or warnings related to file access or deletion attempts.
disclosure
Exploit-Status
EPSS
2.49% (85% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-5182 is to upgrade localai to version 2.16.0 or later, which includes the necessary input validation fixes. If upgrading is not immediately feasible, consider implementing stricter file access controls and directory permissions to limit the potential impact of a successful exploit. Additionally, implement a Web Application Firewall (WAF) with rules to detect and block requests containing suspicious path traversal patterns in the model parameter. Monitor system logs for unusual file deletion activity and implement intrusion detection systems (IDS) to alert on potential exploitation attempts. After upgrade, confirm by attempting to delete a test model with a crafted path traversal payload and verifying that the deletion fails.
Actualice a la versión 2.16.0 o posterior de mudler/localai. Esta versión corrige la vulnerabilidad de path traversal. La actualización se puede realizar descargando la nueva imagen de Docker o actualizando el código fuente y reconstruyendo la aplicación.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-5182 is a Path Traversal vulnerability in localai versions up to 2.16.0, allowing attackers to delete arbitrary files by manipulating the 'model' parameter.
You are affected if you are running localai version 2.16.0 or earlier. Upgrade to the latest version (2.16.0+) to mitigate the risk.
Upgrade to localai version 2.16.0 or later. As a temporary workaround, restrict access to the model deletion endpoint or implement a WAF.
While no widespread exploitation has been confirmed, the ease of exploitation makes it a potential target. Monitoring and patching are crucial.
Refer to the localai project's official channels (GitHub repository, website) for the latest security advisories and updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Dockerfile-Datei hoch und wir sagen dir sofort, ob du betroffen bist.