Path Traversal in api open_personality_folder in parisneo/lollms-webui
Description
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal in Lollms WebUI's open_personality_folder API allows arbitrary file reads despite sanitization.
Vulnerability Overview
A path traversal vulnerability was discovered in the open_personality_folder API endpoint of the ParisNeo/lollms-webui, an AI chat application with a multi-user personality system [1]. The bug allows an attacker to read arbitrary folders within the personality_folder directory on the victim's computer, even though the sanitize_path function is applied to user input. The core issue stems from improper sanitization of the personality_folder parameter, which fails to block directory traversal sequences such as ../, enabling attackers to escape the intended restricted folder [1].
Attack Vector and Prerequisites
The vulnerability can be exploited without authentication if the endpoint is publicly exposed, or by any authenticated user with access to the API. The open_personality_folder endpoint is designed to serve files from a designated personality folder but, due to the flawed sanitization logic, an attacker can supply a crafted personality_folder value containing traversal sequences to access any folder on the host filesystem that the application process has read permissions for [2]. No special privileges beyond network access to the WebUI are required.
Impact
Successful exploitation enables an attacker to read sensitive files and directories, including configuration files, user data, private keys, and any other files stored within the personality folder or elsewhere on the system [1]. This could lead to full disclosure of confidential information, further system compromise, or lateral movement within the network. The CVSS v4.0 score for this vulnerability has not yet been assessed by NVD, but the flaw is classified as a high-severity path traversal [1].
Mitigation and Status
The vulnerability was reported via the Huntr bug bounty platform and assigned CVE-2024-6985 [3]. Users are advised to apply any patches provided by the maintainers or implement strict input validation on the personality_folder parameter, ensuring that traversal sequences are completely neutralized and only allowed paths within the intended personality directory are accepted. The official GitHub repository for Lollms WebUI includes releases where this issue is addressed, and users should upgrade to the latest version [2].
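The containment check the mitigation paragraph recommends, as an added example that is not lollms-webui's own sanitize_path: instead of stripping ../ sequences, the candidate is resolved against the personality base directory and accepted only if it still lies inside it. The directory layout and the function names are assumptions made for illustration.

```python
from __future__ import annotations

import tempfile
from pathlib import Path


def resolve_personality_folder(base_dir: Path, personality_folder: str) -> Path:
    """Return the absolute folder path if it lies inside base_dir, else raise ValueError.

    Added example, not the project's code. Resolution (symlinks, '..', absolute
    components) happens first, so one containment rule covers every form of escape
    rather than trying to enumerate traversal patterns in the raw string.
    """
    base = base_dir.resolve()
    candidate = (base / personality_folder).resolve()  # an absolute input replaces base on join
    try:
        candidate.relative_to(base)  # raises ValueError when candidate is not under base
    except ValueError:
        raise ValueError(f"personality_folder escapes {base}: {personality_folder!r}")
    return candidate


def check_requests(base_dir: Path, names: list) -> dict:
    """Map each requested personality_folder to True (accepted) or False (rejected)."""
    results = {}
    for name in names:
        try:
            resolve_personality_folder(base_dir, name)
            results[name] = True
        except ValueError:
            results[name] = False
    return results


def demo() -> dict:
    # Constructed layout (hypothetical): a personalities dir with one real personality.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "personalities"
        (base / "generic" / "lollms").mkdir(parents=True)
        return check_requests(base, [
            "generic/lollms",             # legitimate request
            "generic/../generic/lollms",  # contains '..' but stays inside after resolution
            "../../etc",                  # traversal sequence escapes the base directory
            "/etc",                       # absolute path discards the base on join
            "generic/../..",              # lands on the parent of the base directory
        ])


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {name}")
```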
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| lollms (PyPI) | <= 9.5.1 | — |
Affected products (2)
- parisneo/parisneo/lollms v5 (Range: unspecified)
Patches
- 128ee567a9a12
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.