Description

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.

INFO

Published Date :

2024-06-27T18:45:15.903Z

Last Modified :

2024-08-01T21:25:03.365Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6085 vulnerability.

Vendors Products
Parisneo
  • Lollms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6085.

URL Resource
https://huntr.com/bounties/d2fb73d7-4b4f-451a-8763-484c189a27fe cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact