High Severity
lollms-webui
SSRF Vulnerability in add_webpage Endpoint
A Server-Side Request Forgery (SSRF) vulnerability was identified in the `add_webpage` endpoint of the parisneo/lollms-webui application. The vulnerability arises because the endpoint does not validate URLs entered by users, allowing for requests to any specified URL, including internal addresses like `localhost` or `127.0.0.1`. This issue affects the latest version of the software, and as of the report, no fixed version has been announced.
Available publicly on May 30 2024
Threat Overview
The SSRF vulnerability in the `add_webpage` endpoint poses a significant threat by enabling attackers to send requests to internal or external systems from the server. This could lead to unauthorized access to sensitive data, disruption of services, compromise of network integrity, manipulation of business logic, and abuse of third-party resources. The lack of URL validation allows attackers to explore internal network resources or interact with external systems in a way that appears to originate from the vulnerable server.
Attack Scenario
An attacker exploits this vulnerability by navigating to the application's UI and using the `add_webpage` functionality to submit a URL pointing to an internal service (e.g., `localhost` or `127.0.0.1`). The server then makes a request to the specified URL, and the response is stored. The attacker can subsequently retrieve and read the response using a simple script, potentially accessing sensitive information or interacting with internal services without authorization.
Who is affected
The vulnerability primarily affects the administrators and users of the parisneo/lollms-webui application, as it could lead to unauthorized access to internal services and sensitive data. Additionally, the integrity and availability of the application and its underlying infrastructure are at risk, potentially affecting stakeholders relying on the application's security.
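The mitigation this advisory points to is validating the user-supplied URL before the server fetches it: restrict the scheme, refuse `localhost`, and reject any hostname or literal that maps to a loopback, private, link-local or otherwise non-public address. The check below is an added example written for this page, not code from lollms-webui; the function names, the injectable `resolve` parameter (so the logic can be tested without DNS) and the sample addresses are my own constructions.

```python
"""Validate a user-supplied URL before a server-side fetch, to block SSRF."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_ip(ip: str) -> bool:
    """True if a server-side fetch must never reach this address: loopback,
    RFC 1918 / ULA private ranges, link-local (which includes the
    169.254.169.254 cloud metadata address), multicast, reserved, unspecified."""
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 is judged by the
    # embedded IPv4 address, so it cannot be used to sneak past the IPv4 rules.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global


def resolve_all(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer for host (assumes DNS is reachable)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_url(url: str, resolve=resolve_all) -> tuple[bool, str]:
    """Return (ok, reason). `resolve` is injectable so the check runs offline in tests."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if parsed.username or parsed.password:
        return False, "credentials in URL not allowed"
    host = parsed.hostname  # brackets already stripped from IPv6 literals
    if not host:
        return False, "missing host"
    if host.lower() == "localhost" or host.lower().endswith(".localhost"):
        return False, "localhost is blocked"
    # A numeric host is checked directly; a name is resolved and *every* answer
    # is checked, so a name mixing public and private records is still rejected.
    try:
        ipaddress.ip_address(host)
        candidates = [host]
    except ValueError:
        try:
            candidates = resolve(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            return False, f"could not resolve host: {exc}"
    for ip in candidates:
        if is_blocked_ip(ip):
            return False, f"{host} maps to non-public address {ip}"
    return True, "ok"
```

The fetch itself must then connect to the address that was validated (or re-run this check on every redirect hop and on the final connection), otherwise DNS rebinding or a redirect from a public host to an internal one would bypass the check.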