CVE-2024-6250
Published: 2024-06-27
Priority: P1 (79) · Severity: high · CVSS 3.0: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation: in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 1.96% (77.8th percentile)
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system.
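The advisory names the mechanism (a `sanitize_path` that, with `allow_absolute_path=True`, returns a drive-letter path untouched) but the page carries no code. The block below is an added example and is not lollms-webui's implementation: `sanitize_path_weak` models the flaw class, `sanitize_path_strict` is the containment check a fix needs. The function bodies, the `_collapse` helper, the `is_safe` wrapper and the `C:/app/personal_data` base directory are assumptions for illustration. Windows path semantics are emulated with `PureWindowsPath`, so it runs on any host.

```python
# Added example, not lollms-webui's code: a minimal model of the flaw class
# behind CVE-2024-6250 next to a hardened replacement. The names sanitize_path
# and allow_absolute_path follow the advisory text; the bodies below are
# assumptions for illustration, not the project's implementation.
from pathlib import PureWindowsPath


class PathTraversalError(ValueError):
    """Raised when a user-supplied path is rejected."""


def sanitize_path_weak(path: str, allow_absolute_path: bool = False) -> str:
    """Model of the weak check: rejects '..' segments, but when
    allow_absolute_path=True any drive-letter or UNC path is returned as-is,
    so 'C:/Windows/win.ini' is accepted and opened verbatim."""
    p = PureWindowsPath(path)
    if ".." in p.parts:
        raise PathTraversalError(f"parent traversal rejected: {path!r}")
    if (p.drive or p.root) and not allow_absolute_path:
        raise PathTraversalError(f"absolute path rejected: {path!r}")
    return str(p)


def _collapse(parts) -> tuple:
    """Lexically apply '.' and '..'; PurePath does not do this itself."""
    out = []
    for part in parts:
        if part in ("", "."):
            continue
        if part == "..":
            if not out:
                raise PathTraversalError("traversal above the filesystem root")
            out.pop()
        else:
            out.append(part)
    return tuple(out)


def sanitize_path_strict(path: str, base: str) -> str:
    """Hardened check: never accept absolute, drive-relative or UNC input,
    join it under `base`, collapse '..' lexically, and require that the
    result still starts with `base` (case-insensitively, as NTFS is).
    On a real Windows deployment follow this with os.path.realpath to
    defeat symlinks and junctions, which a lexical check cannot see."""
    p = PureWindowsPath(path)
    if p.drive or p.root:
        raise PathTraversalError(f"absolute or drive-qualified path rejected: {path!r}")
    base_p = PureWindowsPath(base)
    if not (base_p.drive and base_p.root):
        raise ValueError("base must be an absolute Windows path")
    base_parts = _collapse(base_p.parts)
    joined = _collapse(base_p.parts + p.parts)
    prefix = joined[: len(base_parts)]
    if tuple(s.lower() for s in prefix) != tuple(s.lower() for s in base_parts):
        raise PathTraversalError(f"path escapes {base!r}: {path!r}")
    return str(PureWindowsPath(*joined))


def is_safe(path: str, base: str) -> bool:
    """Boolean wrapper for request handlers and tests."""
    try:
        sanitize_path_strict(path, base)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    base = "C:/app/personal_data"  # assumed application data directory
    for candidate in ("notes/today.txt", "C:/Windows/win.ini",
                      "../../Windows/win.ini", r"\\fileserver\share\secret.txt"):
        try:
            weak = sanitize_path_weak(candidate, allow_absolute_path=True)
        except PathTraversalError as exc:
            weak = f"rejected ({exc})"
        print(f"{candidate!r:38} weak -> {weak}")
        print(f"{'':38} strict_ok={is_safe(candidate, base)}")
```

The weak variant's only defence is the `..` check, so rejecting parent traversal while accepting `C:/` or `\\server\share` buys nothing on Windows. The strict variant refuses anything with a drive or root, which also catches drive-relative forms such as `C:Windows`, and then verifies containment after collapsing `..`, so a relative escape like `../../Windows/win.ini` fails the prefix comparison rather than the segment scan.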
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lollms | lollms_web_ui | — | — |
| parisneo | parisneo_lollms-webui | unspecified – latest | — |
Detection & IOCs (extracted from sources)
Sigma (keyword-based):
detection:
  keywords:
    - 'bit app support' AND '[fonts]' AND '[extensions]' in HTTP response body with status 200 and content-type text/plain to /open_file or /api/open_file
Indicators:
- Monitor for POST requests to /open_file or /api/open_file whose JSON body parameter 'path' contains an absolute Windows path (e.g., C:/).
- Successful exploitation returns HTTP 200 with content-type text/plain and a response body containing 'bit app support', '[fonts]', and '[extensions]', the characteristic strings of Windows win.ini.
- The vulnerability is triggered when the sanitize_path function is called with allow_absolute_path=True in lollms_advanced.py, permitting arbitrary absolute-path access on Windows.
Caveats:
- The vulnerability is Windows-specific; absolute path traversal using drive-letter paths (e.g., C:/) only applies to Windows deployments of lollms-webui.
- The Nuclei template uses stop-at-first-match across two endpoints (/open_file and /api/open_file), so only one request may be sent per scan; test both endpoints independently in custom detection pipelines.
- The Nuclei template is marked as unverified (verified: false), so false positive/negative rates are unknown.
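The request indicator (absolute Windows path in the JSON `path` parameter) and the response indicator (HTTP 200, text/plain, win.ini markers) are listed separately above; in practice they are combined, and both endpoints are checked independently. The block below is an added example, not part of the CVE page, the Nuclei template or lollms-webui, that applies both indicators to constructed access records. The record shape (`method`, `url`, `req_body`, `status`, `resp_content_type`, `resp_body`) and the function names are assumptions; map the fields onto your proxy or WAF export.

```python
# Added example, not part of the CVE page, the Nuclei template or lollms-webui:
# the request and response indicators for CVE-2024-6250 applied to constructed
# HTTP access records. The record fields below are an assumed log shape.
import json
import re
from typing import Iterable, Optional

TARGET_ENDPOINTS = ("/open_file", "/api/open_file")  # both, checked independently
# Drive-letter (C:/ or C:\) or UNC (\\server\share\) absolute forms on Windows.
WIN_ABS_RE = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\[^\\/]+[\\/])")
# Strings characteristic of %SystemRoot%\win.ini, compared case-insensitively.
WIN_INI_MARKERS = ("bit app support", "[fonts]", "[extensions]")


def _endpoint(url: str) -> str:
    """Strip query string and trailing slash so '/open_file/?x=1' still matches."""
    return url.split("?", 1)[0].rstrip("/") or "/"


def requested_path(req_body: str) -> Optional[str]:
    """The JSON 'path' parameter, or None if the body is not a JSON object."""
    try:
        data = json.loads(req_body or "")
    except json.JSONDecodeError:
        return None
    if isinstance(data, dict) and isinstance(data.get("path"), str):
        return data["path"]
    return None


def has_absolute_windows_path(rec: dict) -> bool:
    """Request indicator: an absolute Windows path in the 'path' parameter."""
    path = requested_path(rec.get("req_body", ""))
    return bool(path and WIN_ABS_RE.match(path))


def looks_like_win_ini(rec: dict) -> bool:
    """Response indicator: 200, text/plain, and all three win.ini markers."""
    if rec.get("status") != 200:
        return False
    ctype = str(rec.get("resp_content_type", "")).lower()
    if not ctype.startswith("text/plain"):
        return False
    body = str(rec.get("resp_body", "")).lower()
    return all(marker in body for marker in WIN_INI_MARKERS)


def scan(records: Iterable[dict]) -> list:
    """One alert per POST to a target endpoint that shows either indicator."""
    alerts = []
    for rec in records:
        if rec.get("method") != "POST":
            continue
        endpoint = _endpoint(rec.get("url", ""))
        if endpoint not in TARGET_ENDPOINTS:
            continue
        attempt = has_absolute_windows_path(rec)
        leaked = looks_like_win_ini(rec)
        if not (attempt or leaked):
            continue
        if attempt and leaked:
            verdict = "success"        # request and response both match
        elif attempt:
            verdict = "attempt"        # absolute path sent, no win.ini echoed back
        else:
            verdict = "response_only"  # win.ini returned; body unparseable or path obfuscated
        alerts.append({"id": rec.get("id"), "endpoint": endpoint,
                       "path": requested_path(rec.get("req_body", "")),
                       "verdict": verdict})
    return alerts


# Constructed sample records for this example, not captured traffic.
SAMPLE_RECORDS = [
    {"id": 1, "method": "POST", "url": "/api/open_file",
     "req_body": '{"path": "C:/Windows/win.ini"}',
     "status": 200, "resp_content_type": "text/plain; charset=utf-8",
     "resp_body": "; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n[mci extensions]\r\n"},
    {"id": 2, "method": "POST", "url": "/open_file",
     "req_body": '{"path": "personal_data/notes.txt"}',
     "status": 200, "resp_content_type": "text/plain", "resp_body": "shopping list"},
    {"id": 3, "method": "POST", "url": "/open_file",
     "req_body": r'{"path": "\\\\fileserver\\share\\secret.txt"}',
     "status": 500, "resp_content_type": "application/json", "resp_body": '{"detail": "error"}'},
    {"id": 4, "method": "GET", "url": "/index.html",
     "req_body": "", "status": 200, "resp_content_type": "text/html", "resp_body": "<html>"},
    {"id": 5, "method": "POST", "url": "/open_file/?client_id=abc",
     "req_body": r'{"path": "d:\\Users\\Public\\readme.txt"}',
     "status": 200, "resp_content_type": "text/plain", "resp_body": "hello"},
    {"id": 6, "method": "POST", "url": "/open_file",
     "req_body": "path=C:/Windows/win.ini",
     "status": 200, "resp_content_type": "text/plain",
     "resp_body": "; for 16-bit app support\n[fonts]\n[extensions]\n"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_RECORDS):
        print(alert)
```

Grading the two indicators separately matters: a 500 on a UNC path (record 3) is still an attempt worth alerting on, a text/plain 200 that does not echo win.ini (record 5) may be a read of some other file, and a win.ini body with an unparseable request (record 6) is the case a request-only rule would miss. Relative `..` traversal is deliberately not matched here, since this CVE's indicators are absolute paths on Windows.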
CVSS provenance
NVD: v3.0 · 7.5 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheck: 7.5 HIGH
GHSA
GHSA-fpqq-pjqc-cp2p (unreviewed, 2024-06-27) · CVE-2024-6250 [HIGH] · CWE-36 (Absolute Path Traversal)
Description: identical to the NVD description above.
VulnCheck
CVE-2024-6250 [HIGH] lollms lollms_web_ui Absolute Path Traversal · 2024 · CVSS 7.5
Description: identical to the NVD description above.
Affected: lollms lollms_web_ui
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2024-6250
No detection rules found.
Nuclei
CVE-2024-6250 [HIGH] LOLLMS WebUI - Absolute Path Traversal · CVSS 7.5
Description: identical to the NVD description above.
Template:
id: CVE-2024-6250
info:
  name: LOLLMS WebUI - Absolute Path Traversal
  author: ritikchaddha
  severity: high
  description: |
    An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary fi
No writeups or analysis indexed.
Timeline: 2024-06-27 published · exploited in the wild