Cyber Resilience

CVE-2024-6674

High · Public PoC

Published: 29 October 2024

Modified: 01 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
EPSS Score: 0.0021 (43.4th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-6674 is a high-severity Origin Validation Error (CWE-346) vulnerability in Lollms' Lollms Web UI. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 43.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Other Platforms, in the Privacy and Disclosure risk domain. MITRE ATLAS techniques in scope: Adversarial AI Attack Implementations (AML.T0016.000), AML.T0040.000, Direct (AML.T0051.000).

EU & UK References

Vulnerability details

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information.

CWE(s)

AI Security Analysis (AI)

AI Category: Other Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: parisneo/lollms-webui is a web UI platform for managing and running large language models (LLMs), fitting under 'Other Platforms' as it provides a deployment interface for AI models rather than core frameworks, libraries, or specific AI subdomains.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1528: Steal Application Access Token (Credential Access)
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.

T1539: Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

T1654: Log Enumeration (Discovery)
Adversaries may enumerate system and service logs to find useful data.
Why these techniques?

The CORS misconfiguration enables exploitation of a public-facing web application (T1190) to steal logs (T1654), browser sessions (T1539), and private API keys from settings (T1528), facilitating unauthorized actions on behalf of users.

MITRE ATLAS Techniques (AI)

AML.T0016.000: Adversarial AI Attack Implementations
AML.T0040.000
AML.T0051.000: Direct
AML.T0048.000: Financial Harm

Affected Assets

lollms
lollms web ui
≤ 10

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-346

Requires unique identification of the service before communications, addressing failures to validate the origin of the interaction.

addresses: CWE-346

Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components.

addresses: CWE-346

Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms.

addresses: CWE-346

Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources.

addresses: CWE-346

Mandates origin validation so that only legitimate endpoints can continue the authenticated session.

References