Path Sanitization Flaw in parisneo Lollms Web UI
CVE-2024-7058
4.4MEDIUM
Summary
A security vulnerability in the sanitize_path function of parisneo's Lollms Web UI version 10 allows an attacker to leverage relative paths, such as './', to bypass standard path sanitization. This flaw potentially leads to unauthorized access to sensitive directories within the victim's personality_folder, which could compromise the integrity and confidentiality of the system. Prompt awareness and mitigation are crucial to prevent exploitation of this vulnerability.
Affected Version(s)
parisneo/lollms <= unspecified
References
CVSS V3.0
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved