Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui
Platform
python
Component
parisneo/lollms-webui
CVE-2024-4320 is a critical Remote Code Execution (RCE) vulnerability in the /install_extension endpoint of the parisneo/lollms-webui application. The endpoint does not adequately validate the extension name it receives, so an attacker can use Local File Inclusion (LFI) to make the server load and execute a Python file of their choosing. All versions of lollms-webui are currently considered affected, and immediate action is recommended to mitigate the risk.
Impact and Attack Scenarios
The impact of CVE-2024-4320 is severe. An attacker can exploit this vulnerability to execute arbitrary code within the context of the lollms-webui application, potentially gaining full control of the underlying server. This could lead to data breaches, system compromise, and further malicious activity. Because the code executed is attacker-chosen Python loaded through the LFI, the attacker is not limited to what the web application itself can do: installing malware, stealing sensitive data, or disrupting services are all within reach. The vulnerability's location in the extension installation process makes it particularly concerning, as a malicious extension installed this way could give the attacker persistent access.
Exploitation Context
CVE-2024-4320 was publicly disclosed on June 6, 2024. The vulnerability is easy to exploit (network-reachable, no authentication, no user interaction, per the CVSS metrics below) and its impact is severe; the EPSS score listed below (63.98%, 98th percentile) rates the likelihood of exploitation in the wild as high. No public proof-of-concept (PoC) code had been released as of this writing, but given the nature of the flaw, PoCs are likely to emerge. It is not currently listed in the CISA KEV catalog.
Who Is at Risk
Organizations deploying lollms-webui, particularly those running it in production environments or on systems containing sensitive data, are at significant risk. Any instance reachable from the internet is exposed, since the vulnerable endpoint requires no authentication. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as a compromise of one user's installation could affect the others.
Detection Steps
• linux / server (adjust the unit name to match your deployment):
  journalctl -u lollms-webui -g 'install_extension' | grep -i 'file: '   # look for suspicious file paths
• generic web (run only against an instance you own or are authorized to test):
  curl -I http://your-lollms-webui/install_extension?name=../../../../etc/passwd   # attempt LFI
• python / supply-chain:
  Inspect the ExtensionBuilder().build_extension() method in the lollms-webui source code for improper input validation of the extension name.
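The journal search above only catches what the service happens to log. As an added example (not code from the page or from the lollms-webui project), the script below scans access-log lines for requests to /install_extension whose name parameter contains a path-traversal sequence, including single- and double-percent-encoded forms that a naive grep for "../" would miss. The sample log lines, the combined-log format and the trailing name=<value> field (standing in for an application-level log of the POST body) are all constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not from any real deployment). The format is an
# assumed combined access log; the trailing "name=<value>" field stands in for
# an application-level log of the POST body's name parameter.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Jun/2024:10:01:12 +0000] "POST /install_extension HTTP/1.1" 200 57 "-" "curl/8.4.0" name=my_extension
203.0.113.7 - - [06/Jun/2024:10:02:44 +0000] "GET /install_extension?name=../../../../tmp/evil HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - - [06/Jun/2024:10:02:51 +0000] "GET /install_extension?name=%2e%2e%2f%2e%2e%2ftmp%2fevil HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.9 - - [06/Jun/2024:10:03:10 +0000] "GET /list_extensions HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Jun/2024:10:03:30 +0000] "POST /install_extension HTTP/1.1" 200 57 "-" "python-requests/2.31" name=%252e%252e/etc/cron.d/x
"""

# A ".." path segment bounded by a separator or the string edge; catches both
# "../" and "..\" once the value has been decoded.
DOT_DOT_SEGMENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# name= as a query-string parameter, or as the trailing body field.
QUERY_NAME = re.compile(r'[?&]name=([^\s&"]+)')
BODY_NAME = re.compile(r"\bname=(\S+)$")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so a double
    encoding such as %252e does not slip past a single unquote()."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def extract_name(line: str):
    """Return the raw name parameter from a log line, or None if absent."""
    m = QUERY_NAME.search(line) or BODY_NAME.search(line)
    return m.group(1) if m else None


def is_suspicious(name: str) -> bool:
    """True when the decoded name could reach outside the extensions directory."""
    decoded = decode_fully(name)
    return (
        DOT_DOT_SEGMENT.search(decoded) is not None
        or decoded.startswith(("/", "\\"))  # absolute path
        or "\\" in decoded                  # Windows-style separator
        or "\x00" in decoded                # NUL truncation trick
    )


def find_traversal_attempts(log_text: str):
    """Return one record per /install_extension request with a suspicious name."""
    hits = []
    for line in log_text.splitlines():
        if "/install_extension" not in line:
            continue
        name = extract_name(line)
        if name is not None and is_suspicious(name):
            hits.append({
                "client": line.split(" ", 1)[0],
                "raw_name": name,
                "decoded_name": decode_fully(name),
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f"{hit['client']}  {hit['raw_name']!r} -> {hit['decoded_name']!r}")
```

Run against the sample, the script flags the three requests from 203.0.113.7 and ignores both the legitimate install and the unrelated /list_extensions request. Decoding before matching is the important part: the third flagged line only reveals its "../" after two rounds of percent-decoding.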
Attack Timeline
- Disclosure
Threat Intelligence
- Exploit Status
- EPSS: 63.98% (98th percentile)
- CISA SSVC
- CVSS vector
What do these metrics mean?
- Attack Vector
- Network: remotely exploitable over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- None: no authentication required to exploit.
- User Interaction
- None: automatic and silent attack. The victim does nothing.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- High: complete loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify or delete all data.
- Availability
- High: complete crash or resource exhaustion. Total denial of service.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2024-4320 is to upgrade to a version of lollms-webui that contains the fix, confirming in the project's release notes or advisory that the fix is included. Where an upgrade is not yet possible, a temporary workaround is to disable the /install_extension endpoint, or to enforce strict input validation on the name parameter so that it cannot name a file outside the extensions directory. A Web Application Firewall (WAF) can additionally filter requests whose name parameter contains traversal sequences or absolute paths. Monitor system logs for unusual file access patterns or attempts to execute Python code from unexpected locations. After applying any mitigation, verify its effectiveness by attempting to trigger the vulnerability with a benign payload (for example, a name containing "../") and confirming that the request is rejected.
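The "strict input validation on the name parameter" recommended above (and again in the FAQ below) is easy to get wrong if it only strips "../" from the string. As an added example that is not the project's own code, the block below contrasts an illustrative version of the vulnerable pattern (user-controlled name joined straight onto the extensions directory) with a hardened lookup that applies an allowlist to the raw value and then checks, after path resolution, that the result is a direct child of the extensions directory. The directory /opt/lollms/extensions and the function names are assumptions made for the example.

```python
import re
from pathlib import Path

# Allowlist for extension names: a leading alphanumeric, then up to 63 more
# alphanumerics, underscores or hyphens. No separators and no dots, so "..",
# "/", "\" and percent-encoded forms never reach the filesystem layer.
EXTENSION_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")

# Hypothetical extensions directory; an assumption for this example, not a
# path taken from the lollms-webui project.
ZOO_ROOT = "/opt/lollms/extensions"


class InvalidExtensionName(ValueError):
    """Raised when a requested extension name fails validation."""


def unsafe_extension_path(zoo_root: str, name: str) -> Path:
    """Illustrative form of the vulnerable pattern described on this page (not
    the project's actual code): the request-controlled name is joined straight
    onto the extensions directory, so "../../../../tmp/evil" walks out of it
    and an absolute name such as "/etc/passwd" replaces the root entirely."""
    return Path(zoo_root) / name


def is_direct_child(zoo_root: str, name: str) -> bool:
    """True when zoo_root/name, after resolving symlinks and '..', is an
    immediate entry of zoo_root. Nested paths, traversal sequences, absolute
    paths and symlinks pointing elsewhere all return False."""
    root = Path(zoo_root).resolve()
    return (root / name).resolve().parent == root


def safe_extension_path(zoo_root: str, name: str) -> Path:
    """Hardened lookup: syntactic allowlist first, containment check second."""
    # 1. Check the raw value before touching the filesystem at all.
    if not EXTENSION_NAME.fullmatch(name):
        raise InvalidExtensionName(f"rejected extension name {name!r}")
    # 2. Even an allowlisted name could be a symlink planted inside the zoo
    #    that points outside it; resolve and re-check containment.
    if not is_direct_child(zoo_root, name):
        raise InvalidExtensionName(f"{name!r} does not resolve inside {zoo_root}")
    return Path(zoo_root).resolve() / name


def classify(zoo_root: str, names):
    """Map each candidate name to 'accepted' or 'rejected' (for demonstration)."""
    verdicts = {}
    for candidate in names:
        try:
            safe_extension_path(zoo_root, candidate)
            verdicts[candidate] = "accepted"
        except InvalidExtensionName:
            verdicts[candidate] = "rejected"
    return verdicts


if __name__ == "__main__":
    probes = ["my_extension", "../../../../etc/passwd", "/tmp/evil", "ext.py", "%2e%2e/x"]
    print("unsafe join:", unsafe_extension_path(ZOO_ROOT, probes[1]).resolve())
    for name, verdict in classify(ZOO_ROOT, probes).items():
        print(f"{verdict:8} {name!r}")
```

Two design points: the allowlist is applied to the value as the web framework delivers it (already URL-decoded), and a percent sign is simply not an allowed character, so encoded traversal is rejected for the same reason as literal traversal; and the resolve-then-compare step is what protects against a symlink inside the extensions directory, which a purely syntactic check cannot see. The benign verification payload suggested above ("../" in the name) should land in the "rejected" set.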
How to Fix
Update the parisneo/lollms-webui library to the latest available version, which should include the fix for the remote code execution vulnerability. Consult the project repository or the release notes to confirm that the version you install contains the fix and for details on the update.
Frequently Asked Questions
What is CVE-2024-4320 — RCE in lollms-webui?
CVE-2024-4320 is a critical Remote Code Execution vulnerability in the /install_extension endpoint of lollms-webui, allowing attackers to execute arbitrary code via Local File Inclusion.
Am I affected by CVE-2024-4320 in lollms-webui?
Yes, all versions of lollms-webui are currently considered affected by this vulnerability. Immediate action is required.
How do I fix CVE-2024-4320 in lollms-webui?
Upgrade to a version of lollms-webui that contains the fix, checking the project's release notes to confirm. Until you can, disable the /install_extension endpoint or enforce strict input validation on the name parameter.
Is CVE-2024-4320 being actively exploited?
No active exploitation has been confirmed and the CVE is not in the CISA KEV catalog, but the vulnerability is easy to exploit and its EPSS score (63.98%, 98th percentile) rates the likelihood of exploitation as high.
Where can I find the official lollms-webui advisory for CVE-2024-4320?
Refer to the parisneo/lollms-webui GitHub repository and associated security advisories for updates and official guidance.