A path traversal vulnerability has been identified in the XTTS server component of the lollms package, affecting all releases up to the latest one at the time of disclosure. The server's root folder setting can be changed by an unauthenticated attacker, and because the existing path traversal check is anchored on that root folder, changing it defeats the check. Consequently, an attacker can read sensitive files and write arbitrary audio files to any location the server process can reach.
The primary impact of CVE-2024-6085 is arbitrary file read. The containment check only rejects paths that resolve outside the configured root folder; by setting that root folder to '/', an attacker makes every path on the filesystem "inside" the allowed scope, so the check passes for files it was meant to protect. The same mechanism lets the attacker write generated audio files to arbitrary locations, which can overwrite files the server process has permission to modify or plant attacker-controlled content. This can lead to data exposure, service disruption, and further unauthorized access.
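To make the mechanism concrete, here is an added illustration of the bug class (this is not lollms code; the class names, method names and the base directory /srv/lollms/audio are hypothetical). The vulnerable store has a correct containment check, but the root folder it checks against can be replaced by any caller, so setting it to '/' makes every file pass. The hardened store fixes the base directory at startup, refuses absolute values for the setting, and re-checks containment after resolving symlinks and '..' components.

```python
from pathlib import Path
from typing import Optional

# Added illustration of the bug class behind CVE-2024-6085; NOT lollms' own code.
# Class and method names (AudioStore, set_root_folder, resolve) and the
# /srv/lollms/audio base directory are hypothetical.


class VulnerableAudioStore:
    """The containment check is correct, but it is anchored on a root folder that
    an unauthenticated caller can change. With root '/', every path is 'inside'."""

    def __init__(self, root: str) -> None:
        self.root = Path(root).resolve()

    def set_root_folder(self, root: str) -> None:
        # The flaw: any value is accepted, including '/'.
        self.root = Path(root).resolve()

    def resolve(self, relative: str) -> Path:
        candidate = (self.root / relative).resolve()  # resolve() collapses '..' and follows symlinks
        if not candidate.is_relative_to(self.root):
            raise PermissionError(f"{relative!r} escapes {self.root}")
        return candidate


class HardenedAudioStore:
    """The root folder is anchored under a base directory fixed at startup; the
    setting may only select a sub-folder of that base, never an absolute path
    or a parent directory."""

    def __init__(self, base: str) -> None:
        self.base = Path(base).resolve()
        self.root = self.base

    def set_root_folder(self, root: str) -> None:
        # Path('/srv/x') / '/' silently yields Path('/'), so absolute input must be
        # refused before the join, not detected afterwards.
        if Path(root).is_absolute():
            raise ValueError("root folder must be relative to the base directory")
        candidate = (self.base / root).resolve()
        if not candidate.is_relative_to(self.base):
            raise ValueError(f"{root!r} leaves {self.base}")
        self.root = candidate

    def resolve(self, relative: str) -> Path:
        candidate = (self.root / relative).resolve()
        if not candidate.is_relative_to(self.root):
            raise PermissionError(f"{relative!r} escapes {self.root}")
        return candidate


def try_read(store, relative: str) -> Optional[str]:
    """The path the store would hand to open(), or None if it refused the request."""
    try:
        return str(store.resolve(relative))
    except PermissionError:
        return None


def try_set_root(store, root: str) -> bool:
    """True if the store accepted the new root folder setting."""
    try:
        store.set_root_folder(root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    v = VulnerableAudioStore("/srv/lollms/audio")
    print("before:", try_read(v, "../../../etc/passwd"))   # None: the check holds
    v.set_root_folder("/")                                   # the unauthenticated setting change
    print("after: ", try_read(v, "etc/passwd"))              # /etc/passwd: the check is now vacuous
    h = HardenedAudioStore("/srv/lollms/audio")
    print("hardened accepts '/'?", try_set_root(h, "/"))    # False
```

The point of the hardened version is that the check's reference point is no longer attacker-controlled: the setting endpoint still exists, but its value is joined under a fixed base and validated after resolution. The endpoint should also require authentication; that is a deployment matter outside this snippet.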
This vulnerability was publicly disclosed on 2024-06-27. Whether a public proof-of-concept exists is not known at the time of writing. The CVSS score of 8.6 (HIGH) indicates a significant risk. It is not currently listed in CISA KEV, but the exploit requires no authentication and no special tooling, which warrants close monitoring.
Organizations deploying lollms for text-to-speech generation, in particular those running the XTTS server component, are at risk. Shared hosts where lollms runs alongside other applications are at particular risk, since a successful exploit gives the attacker read access to, and audio-file write access over, whatever the lollms process can reach on that host.
• python / lollms (the log path is illustrative):
# Scan the XTTS server log for reads of a sensitive file.
LOG_PATH = '/var/log/lollms/xtts.log'

with open(LOG_PATH, 'r') as f:
    for line in f:
        if 'read_file' in line and '/etc/passwd' in line:
            print('Potential path traversal detected!')

• generic web (endpoint path as given on this page; adjust to your deployment):
# Probe whether the root folder setting endpoint responds.
curl -I 'http://<lollms_server>/xtts/settings/root_folder?root_folder=/'

• generic web:
# Look for requests that set the root folder to '/' in the web server access log.
grep -i 'root_folder=/' /var/log/apache2/access.log

EPSS: 0.13% (33rd percentile)
The recommended mitigation for CVE-2024-6085 is to upgrade to a patched version of lollms as soon as one is available. Until then, restrict network access to the XTTS server and apply strict validation to the root folder setting (reject absolute paths and any value that resolves outside a fixed base directory). A Web Application Firewall with rules for path traversal patterns adds a further layer of defense. Regularly monitor system and web server logs for suspicious activity, in particular requests that change the root folder setting or that reference files outside the expected directories.
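As an added example of the log monitoring recommended above (not code from lollms or from this page's vendor), the following scans web server access log lines for requests whose root folder parameter is an absolute path or climbs upward with '..', including percent-encoded and double-encoded forms that a naive grep for 'root_folder=/' misses. The log lines are constructed, and the /xtts/settings/root_folder endpoint and root_folder parameter name are taken from the probe shown on this page rather than verified against the project.

```python
import posixpath
import re
from typing import Dict, List
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Added detection example; NOT code from lollms. The endpoint path and parameter
# name follow the probe on this page and are assumptions; the log lines are constructed.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Parameters that name a filesystem location and must never be absolute or climb upward.
PATH_PARAMS = {"root_folder"}


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding (e.g. %252F -> %2F -> /) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_value(value: str) -> str:
    """Reason string if `value` is an absolute path or resolves above its starting
    directory, otherwise an empty string."""
    decoded = fully_decode(value).replace("\\", "/")
    if decoded.startswith("/"):
        return "absolute path"
    normalized = posixpath.normpath(decoded)
    if normalized == ".." or normalized.startswith("../"):
        return "parent-directory traversal"
    return ""


def scan_access_log(lines) -> List[Dict[str, str]]:
    """Flag requests whose parameters would relocate or escape the root folder."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Common Log Format line
        parts = urlsplit(m.group("target"))
        params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
        for name, values in params.items():
            for value in values:
                reason = classify_value(value)
                # Traversal in any parameter is suspicious; an absolute value only
                # matters for parameters that are known to name a path.
                if reason == "parent-directory traversal" or (reason and name in PATH_PARAMS):
                    hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                                 "path": parts.path, "param": name,
                                 "value": value, "reason": reason})
    return hits


# Constructed sample lines: one benign setting change, one unrelated request,
# and four attempts in plain, encoded, traversal and double-encoded form.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jun/2024:10:15:03 +0000] "GET /xtts/settings/root_folder?root_folder=/ HTTP/1.1" 200 12',
    '203.0.113.7 - - [27/Jun/2024:10:15:04 +0000] "GET /xtts/settings/root_folder?root_folder=%2Fetc HTTP/1.1" 200 12',
    '198.51.100.4 - - [27/Jun/2024:10:16:11 +0000] "GET /xtts/settings/root_folder?root_folder=voices HTTP/1.1" 200 12',
    '198.51.100.4 - - [27/Jun/2024:10:16:12 +0000] "GET /xtts/tts?text=hello HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Jun/2024:10:17:40 +0000] "GET /xtts/settings/root_folder?root_folder=..%2F..%2F..%2Fetc HTTP/1.1" 200 12',
    '203.0.113.7 - - [27/Jun/2024:10:17:41 +0000] "GET /xtts/settings/root_folder?root_folder=%252F HTTP/1.1" 200 12',
]


def demo() -> List[Dict[str, str]]:
    return scan_access_log(SAMPLE_LOG)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['time']} {hit['ip']} {hit['path']} "
              f"{hit['param']}={hit['value']!r}: {hit['reason']}")
```

Run it against a real access log with `scan_access_log(open('/var/log/apache2/access.log'))`. Decoding is bounded to a few rounds so that a value which merely contains a literal percent sign cannot send the scanner into a loop, and the value reported is the once-decoded form from the log so that analysts can match it back to the raw request.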
Update the lollms package to a release later than v9.6 that fixes the path traversal vulnerability. Consult the release notes or the project repository for details on the update. As a temporary measure, avoid changing the XTTS server's root folder setting unless it is strictly necessary.
CVE-2024-6085 is a Path Traversal vulnerability in the lollms package, allowing attackers to read and write files by manipulating the root folder settings. It's rated HIGH severity due to the potential for broad system access.
If you run any lollms release up to the one current at disclosure (the advisory names no fixed version), treat your deployment as potentially affected. Assess your environment and prioritize upgrading to a patched version as soon as one is available.
The recommended fix is to upgrade to a patched version of lollms. Until a patch is available, restrict access to the XTTS server and implement strict input validation.
No public exploit was known at the time of writing, but the vulnerability is simple to exploit and requires no authentication, so exploitation is likely. Monitor security advisories and threat intelligence feeds.
Refer to the lollms project's official website and GitHub repository for updates and security advisories related to CVE-2024-6085.