Описание
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.
Ссылки
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lollms:lollms_web_ui:13:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00031
Низкий
8.4 High
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 8.4
github
11 месяцев назад
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.
EPSS
Процентиль: 9%
0.00031
Низкий
8.4 High
CVSS3
Дефекты
CWE-306