Path Traversal Vulnerability in 'cyber_security/codeguard' Personality
A path traversal vulnerability was identified in the 'cyber_security/codeguard' personality of the 'lollms-webui' application, allowing for arbitrary file read and overwrite. This issue affects the latest version of the software and was patched in version 9.5. The vulnerability stems from improper handling of directory paths, enabling attackers to traverse outside of intended directories.
Available publicly on May 21 2024 | Available with Premium on Apr 04 2024
Threat Overview
The vulnerability is rooted in the 'process_folder' function of the 'cyber_security/codeguard' personality, which processes directories and files for analysis. Due to insufficient validation of user-supplied paths, attackers can specify arbitrary directories for both source code and documentation output. This allows for the reading of sensitive files and potentially overwriting files or directories by manipulating the 'code_folder_path' and 'docs_folder_path' parameters. The issue is exacerbated by the recursive processing of subdirectories, amplifying the potential impact.
Attack Scenario
An attacker can exploit this vulnerability by modifying the personality settings to include malicious 'code_folder_path' and 'docs_folder_path' values, pointing to sensitive directories. By triggering the processing workflow, the attacker can cause the application to read sensitive files (e.g., environment variables, configuration files) and write arbitrary data to files or directories, leading to information disclosure and potential further exploitation.
Who is affected
Users of the 'lollms-webui' application, specifically those utilizing the 'cyber_security/codeguard' personality for processing directories and files, are affected by this vulnerability. The risk is particularly high for environments where sensitive files are accessible by the application.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.