CVE-2024-5182

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e	Patch
https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545	Exploit Issue Tracking Patch
https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e	Patch
https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545	Exploit Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-06-20 00:15

Updated : 2024-11-21 09:47

NVD link : CVE-2024-5182

Mitre link : CVE-2024-5182

CVE.ORG link : CVE-2024-5182

JSON object : View

Products Affected

mudler

localai

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-5182", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-06-20T00:15:09.487", "references": [{"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545", "tags": ["Exploit", "Issue Tracking", "Patch"], "source": "security@huntr.dev"}, {"url": "https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545", "tags": ["Exploit", "Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en mudler/localai versi\u00f3n 2.14.0, donde un atacante puede explotar el par\u00e1metro `model` durante el proceso de eliminaci\u00f3n del modelo para eliminar archivos arbitrarios. Espec\u00edficamente, al elaborar una solicitud con un par\u00e1metro \"modelo\" manipulado, un atacante puede atravesar la estructura del directorio y apuntar a archivos fuera del directorio deseado, lo que lleva a la eliminaci\u00f3n de datos confidenciales. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada y una sanitizaci\u00f3n insuficientes del par\u00e1metro \"modelo\"."}], "lastModified": "2024-11-21T09:47:08.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82A38415-0349-46CD-850C-677CDDDC7DAD", "versionEndExcluding": "2.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}