Описание
A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.
EPSS
8 High
CVSS3
Дефекты
Связанные уязвимости
A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.
Уязвимость функции check_access() системы для запуска и управления большими языковыми моделями LoLLMS (Lord of Large Language Multimodal Systems), позволяющая нарушителю получить доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании
EPSS
8 High
CVSS3