8.6

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-6085

GHSA ID

GHSA-9chm-m6x2-6fvc

EPSS Score

0.65415%

CWE

CWE-22

Published

6/27/2024

Updated

6/28/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-6085

CVE-2024-6085: lollms vulnerable to path traversal due to unauthenticated root folder settings change

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.

(GitHub Advisory)

8.6

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-6085

GHSA ID

GHSA-9chm-m6x2-6fvc

EPSS Score

0.65415%

CWE

CWE-22

Published

6/27/2024

Updated

6/28/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
lollms	pip	<= 9.5.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unauthenticated endpoints that handle critical path configuration changes. While exact function names aren't provided in advisories, the described attack pattern requires: 1) A root folder modification function() that removes path restrictions when set to '/', and 2) An output directory configuration function() that allows writing anywhere. These would typically be found in the XTTS server configuration handlers, which the vulnerability specifically references. The high confidence comes from the direct relationship between the described attack vectors and the required functionality to modify these paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* p*t* tr*v*rs*l vuln*r**ility *xists in t** XTTS s*rv*r in*lu*** in t** lollms p**k***, v*rsion v*.*. T*is vuln*r**ility *ris*s *rom t** **ility to p*r*orm *n un*ut**nti**t** root *ol**r s*ttin*s ***n**. *lt*ou** t** r*** *il* *n*point is prot**t**

Reasoning

T** vuln*r**ility st*ms *rom un*ut**nti**t** *n*points t**t **n*l* *riti**l p*t* *on*i*ur*tion ***n**s. W*il* *x**t *un*tion n*m*s *r*n't provi*** in **visori*s, t** **s*ri*** *tt**k p*tt*rn r*quir*s: *) * root *ol**r mo*i*i**tion `*un*tion()` t**t r

8.6

Basic Information

Concerned about an active attack path?

CVE-2024-6085: lollms vulnerable to path traversal due to unauthenticated root folder settings change

8.6

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI