CVE-2024-4330 - Vulnerability Details - OpenCVE

ReportizFlow

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lollms	Lollms Web Ui

Configuration 1 [-]

cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00123}`	epss `{'score': 0.00094}`

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00087}`	epss `{'score': 0.00123}`

Wed, 09 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lollms Lollms lollms Web Ui
CPEs		cpe:2.3:a:lollms:lollms_web_ui::::::::
Vendors & Products		Lollms Lollms lollms Web Ui
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-30T14:43:40.842Z

Updated: 2024-08-01T20:40:46.503Z

Reserved: 2024-04-29T20:38:41.247Z

Link: CVE-2024-4330

Vulnrichment

Updated: 2024-08-01T20:40:46.503Z

NVD

Status : Analyzed

Published: 2024-05-30T15:15:49.890

Modified: 2025-07-09T14:27:48.867

Link: CVE-2024-4330

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4330", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-29T20:38:41.247Z", "datePublished": "2024-05-30T14:43:40.842Z", "dateUpdated": "2024-08-01T20:40:46.503Z"}, "containers": {"cna": {"title": "Path Traversal in parisneo/lollms-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-30T14:43:40.842Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-23 Relative Path Traversal", "cweId": "CWE-23"}]}], "source": {"advisory": "154a78d5-3960-4fc6-8666-f982b5e70ed7", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "parisneo", "product": "lollms-webui", "cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "9.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T18:42:17.703046Z", "id": "CVE-2024-4330", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T17:42:04.344Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:46.503Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:46.503Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4330", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T18:42:17.703046Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T18:44:41.285Z"}}], "cna": {"title": "Path Traversal in parisneo/lollms-webui", "source": {"advisory": "154a78d5-3960-4fc6-8666-f982b5e70ed7", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms-webui", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-30T14:43:40.842Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4330", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:40:46.503Z", "dateReserved": "2024-04-29T20:38:41.247Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-05-30T14:43:40.842Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "010C9279-CDD7-4D1B-8700-642A9C3A183F", "versionEndExcluding": "9.8", "versionStartIncluding": "9.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de path traversal en el repositorio parisneo/lollms-webui, espec\u00edficamente en la versi\u00f3n 9.6. La vulnerabilidad surge debido al manejo inadecuado de la entrada proporcionada por el usuario en el endpoint 'list_personalities'. Al crear una solicitud HTTP maliciosa, un atacante puede atravesar la estructura del directorio y ver el contenido de cualquier carpeta, aunque limitado \u00fanicamente a los nombres de las subcarpetas. Este problema se demostr\u00f3 mediante una solicitud HTTP espec\u00edfica que manipulaba el par\u00e1metro 'categor\u00eda' para acceder a directorios arbitrarios. La vulnerabilidad est\u00e1 presente en el c\u00f3digo ubicado en el archivo 'endpoints/lollms_advanced.py'."}], "id": "CVE-2024-4330", "lastModified": "2025-07-09T14:27:48.867", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-05-30T15:15:49.890", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking", "Patch"], "url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking", "Patch"], "url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "[email protected]", "type": "Secondary"}]}