216.73.217.64

CVE-2024-4839

· Published 24/06/2024 13:15 · Modified 24/06/2024 19:26

Labels: CVE-2024-4839 2024-06-24CVE-2024-4839CWE-352[email protected]

Essential information

Published
24/06/2024 13:15
Modified
24/06/2024 19:26
Author
Creator
CVSS
4.4 MEDIUM (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVSS metrics

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References