How severe is CVE-2024-1646?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2024-1646?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2024-1646 - HIGH Severity | CVSS 8.2

Vulnerability Description

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.

Related Vulnerabilities

CVE-2022-23720

HIGH

CVSS:8.2(High)

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrato...

CWE-2882022

CVE-2022-42276

HIGH

CVSS:8.2(High)

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileg...

CWE-2882022

CVE-2022-42277

HIGH

CVSS:8.2(High)

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privi...

CWE-2882022

CVE-2024-26566

HIGH

CVSS:8.2(High)

An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.

CWE-2882024

CVE-2019-3758

HIGH

CVSS:8.1(High)

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthentica...

CWE-2882019

CVE-2020-10283

HIGH

CVSS:8.1(High)

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopi...

CWE-2882020