Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui
Platform: python
Component: parisneo/lollms-webui
CVE-2024-4320 is a critical Remote Code Execution (RCE) vulnerability in the /install_extension endpoint of the parisneo/lollms-webui application. The endpoint does not adequately validate its name parameter, so an attacker can supply a path-traversal value and have the application include and execute a Python file from an arbitrary location on the server (Local File Inclusion leading to RCE). All versions of lollms-webui are currently considered affected, and immediate action is recommended to mitigate the risk.
Impact and Attack Scenarios
The impact of CVE-2024-4320 is severe. An attacker can exploit this vulnerability to execute arbitrary code within the context of the lollms-webui application, potentially gaining full control of the underlying server. This could lead to data breaches, system compromise, and further malicious activity. The ability to load and execute arbitrary Python code via LFI significantly expands the attack surface, allowing attackers to install malware, steal sensitive data, or disrupt services. The vulnerability’s location within an extension installation process makes it particularly concerning, as attackers could potentially inject malicious extensions to achieve persistent access.
Exploitation Context
CVE-2024-4320 was publicly disclosed on June 6, 2024. No public proof-of-concept (PoC) code had been released as of this writing, but the vulnerability is simple to trigger (an unauthenticated request with a crafted name parameter) and the EPSS score shown on this page (63.98%, 98th percentile) indicates a high predicted likelihood of exploitation, so PoCs should be expected. It is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Who Is at Risk
Organizations deploying lollms-webui, particularly those running it in production environments or on systems containing sensitive data, are at significant risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as a compromise of one user's installation could potentially impact others.
Detection Steps
• linux / server: review the application's logs for install_extension requests whose name argument contains path separators or traversal sequences. If the service runs under systemd, a starting point is:
journalctl -u lollms-webui -g 'install_extension' | grep -i 'file: '
(the unit name and the 'file: ' log prefix depend on how the service was deployed; adjust them to your installation.)
• generic web: probe the endpoint with a benign traversal payload, only against systems you are authorized to test:
curl -I 'http://your-lollms-webui/install_extension?name=../../../../etc/passwd'
A server that accepts the request without rejecting the traversal sequence is a strong indicator that it is unpatched. Note that a HEAD request (-I) may not exercise the same handler as the request the application's UI actually sends to this endpoint, so compare against that request shape as well.
• python / supply-chain: inspect the ExtensionBuilder().build_extension() method in the lollms-webui source for the missing validation of the name parameter, i.e. whether the value is joined onto the extensions directory without a character allowlist and without a containment check on the resolved path.
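The log review described above, as an added example that is not part of the original page or of lollms-webui: it parses constructed access-log lines in a generic combined-log shape (the real log format, the endpoint path and the query parameter name are assumptions here) and flags every install_extension request whose decoded name argument is not a plain identifier, including URL-encoded and double-encoded traversal sequences.

```python
"""Flag install_extension requests whose name argument is not a plain
identifier (added example; log format and parameter name are assumptions)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in a generic combined-log shape. They are not real
# lollms-webui output; adapt REQUEST_RE to whatever your deployment logs.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Jun/2024:10:00:01 +0000] "GET /install_extension?name=my_ext HTTP/1.1" 200 512
10.0.0.9 - - [06/Jun/2024:10:00:07 +0000] "GET /install_extension?name=../../../../etc/passwd HTTP/1.1" 500 0
10.0.0.9 - - [06/Jun/2024:10:00:09 +0000] "GET /install_extension?name=%2e%2e%2f%2e%2e%2fplanted HTTP/1.1" 200 0
10.0.0.9 - - [06/Jun/2024:10:00:11 +0000] "GET /install_extension?name=%252e%252e%252fplanted HTTP/1.1" 200 0
10.0.0.7 - - [06/Jun/2024:10:00:15 +0000] "GET /static/../app.js HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The only shape a legitimate extension name should ever take.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def fully_unquote(value, max_rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text):
    """Return one record per install_extension request whose decoded name
    fails the allowlist. Anything containing '/', a backslash or '..' lands here."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/install_extension"):
            continue
        # parse_qs performs one round of decoding; fully_unquote handles the rest.
        for raw in parse_qs(url.query, keep_blank_values=True).get("name", []):
            name = fully_unquote(raw)
            if not SAFE_NAME_RE.fullmatch(name):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "name": name, "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} name={hit['name']!r}")
```

Two caveats when applying this to real data: a 200 response to a flagged request means the server accepted the traversal and the loaded file should be treated as attacker-chosen code, and if the application receives the name in a request body rather than the query string, a web-server access log will not contain it at all, so the same check has to run on application-level logging.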
Threat Intelligence
EPSS: 63.98% (98th percentile)
CVSS vector (assembled from the metric values listed below): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which corresponds to a CVSS 3.x base score of 9.8 (Critical)
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- None: unauthenticated. No credentials are needed to exploit.
- User Interaction
- None: the attack is automatic and silent. The victim does nothing.
- Scope
- Unchanged: impact is confined to the vulnerable component.
- Confidentiality
- High: total loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify, or delete all data.
- Availability
- High: complete outage or resource exhaustion. Total denial of service.
Mitigation and Workarounds
The definitive fix for CVE-2024-4320 is to upgrade to a release of lollms-webui that patches the issue. At the time of writing no fixed version was available, so the measures below are compensating controls, not a replacement for the patch. Until a patch ships, disable the /install_extension endpoint, or enforce strict validation of the name parameter: accept only a short allowlist of characters (letters, digits, underscore, hyphen), reject path separators and '..' outright, and additionally verify that the resolved on-disk path still lies inside the extensions directory before anything is loaded. A Web Application Firewall (WAF) rule that drops requests to /install_extension containing traversal sequences (including URL-encoded and double-encoded forms such as %2e%2e and %252e%252e) adds a layer, but it is bypassed by any encoding it fails to normalize, so do not rely on it alone. Monitor system and application logs for unusual file access patterns or Python code being loaded from unexpected locations. After applying any mitigation, verify it by sending a benign traversal payload and confirming that the request is rejected.
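The validation described above, as an added example that is not lollms-webui's own code: a simplified model of an extension loader in its vulnerable form (caller-controlled name joined straight onto the extensions directory) next to a hardened form that applies a character allowlist and then a containment check on the resolved path. The <root>/<name>/__init__.py layout, the function names and the planted file are assumptions made for the demonstration.

```python
"""Vulnerable vs hardened extension-path handling (added example, not lollms-webui code)."""
import importlib.util
import os
import re
import tempfile
from pathlib import Path

# Assumed extension layout: <root>/<name>/__init__.py. This models the
# vulnerability class the advisory describes, not the project's exact code.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def extension_path_unsafe(root, name):
    """Vulnerable: the caller-controlled name is joined straight onto root,
    so '../../../../etc/passwd' or '../planted' walks out of the directory."""
    return os.path.normpath(os.path.join(root, name, "__init__.py"))


def extension_path_safe(root, name):
    """Hardened: character allowlist first, then a containment check on the
    resolved path (defence in depth, e.g. against symlinks inside the root)."""
    if not SAFE_NAME_RE.fullmatch(name):
        raise ValueError(f"rejected extension name {name!r}")
    root_real = Path(root).resolve()
    candidate = (root_real / name / "__init__.py").resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise ValueError("extension path escapes the extensions directory") from None
    return str(candidate)


def _exec_file(path):
    """Execute a Python file as a module; this is the code-execution step."""
    spec = importlib.util.spec_from_file_location("loaded_extension", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def load_extension_unsafe(root, name):
    return _exec_file(extension_path_unsafe(root, name))


def load_extension_safe(root, name):
    return _exec_file(extension_path_safe(root, name))


def demo():
    """Build a throwaway extensions directory plus a planted file outside it
    and record what each loader does with a benign and a traversal name."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "extensions")
        (root / "hello").mkdir(parents=True)
        (root / "hello" / "__init__.py").write_text("MARKER = 'benign'\n")
        # Constructed stand-in for a file an attacker managed to place or reach on disk.
        planted = Path(tmp, "planted")
        planted.mkdir()
        (planted / "__init__.py").write_text("MARKER = 'executed outside root'\n")

        results = {
            "unsafe_benign": load_extension_unsafe(root, "hello").MARKER,
            "unsafe_traversal": load_extension_unsafe(root, "../planted").MARKER,
            "safe_benign": load_extension_safe(root, "hello").MARKER,
        }
        try:
            load_extension_safe(root, "../planted")
            results["safe_traversal"] = "loaded"
        except ValueError:
            results["safe_traversal"] = "rejected"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allowlist alone already blocks every traversal payload, because '/', a backslash and '.' are not in the accepted character set; the containment check stays in place so that a later change to the allowlist, or a symlink dropped inside the extensions directory, cannot silently reopen the hole.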
How to Fix
Update parisneo/lollms-webui to the latest available version as soon as a release that includes the fix for this remote code execution vulnerability is published. Check the project repository and its release notes to confirm which release contains the fix.
Frequently Asked Questions
What is CVE-2024-4320 — RCE in lollms-webui?
CVE-2024-4320 is a critical Remote Code Execution vulnerability in the /install_extension endpoint of lollms-webui, allowing attackers to execute arbitrary code via Local File Inclusion.
Am I affected by CVE-2024-4320 in lollms-webui?
Yes, all versions of lollms-webui are currently considered affected by this vulnerability. Immediate action is required.
How do I fix CVE-2024-4320 in lollms-webui?
Upgrade to a patched version of lollms-webui as soon as it becomes available. Until then, disable the /install_extension endpoint or implement strict input validation.
Is CVE-2024-4320 being actively exploited?
No active exploitation has been confirmed and the CVE is not in the CISA KEV catalog, but the vulnerability is easy to trigger and its EPSS score (63.98%, 98th percentile) indicates a high predicted likelihood of exploitation.
Where can I find the official lollms-webui advisory for CVE-2024-4320?
Refer to the parisneo/lollms-webui GitHub repository and associated security advisories for updates and official guidance.