CVE-2024-9919 - Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability

A high-severity vulnerability, CVE-2024-9919, has been identified in the parisneo/lollms-webui software, specifically in version V13. This vulnerability stems from a missing authentication check in the /uninstall/{app_name} API endpoint, allowing attackers to delete directories without proper authorization. With a CVSS score of 8.4, this issue poses a significant risk to systems running the affected software.

The vulnerability was publicly disclosed on March 20, 2025, and has since garnered attention from cybersecurity researchers and red-teamers due to its potential for exploitation in real-world scenarios.

TL;DR

CVE ID: CVE-2024-9919
Severity: 8.4 (High)
Published: March 20, 2025
Vulnerability: Missing authentication check in the /uninstall/{app_name} API endpoint of parisneo/lollms-webui V13.
Impact: Attackers can delete directories without proper authentication, leading to potential system disruption or data loss.
Red-Team Relevance: Exploitable for privilege escalation and system disruption in targeted engagements.
C-Suite Summary: A critical vulnerability in parisneo/lollms-webui could allow unauthorized directory deletions, posing significant risks to system integrity and data security.

Vulnerability Details

The core issue lies in the /uninstall/{app_name} endpoint, which fails to call the check_access() function to verify the client_id. This oversight enables attackers to bypass authentication and perform unauthorized directory deletions.

Affected Version: parisneo/lollms-webui V13
Exploitation Vector: Unauthenticated API access
Impact: Directory traversal leading to potential data loss or system disruption

The vulnerability is particularly concerning because it allows attackers to manipulate system directories, potentially leading to denial-of-service (DoS) conditions or the deletion of critical files.

Red-Team Relevance

For red-teamers, CVE-2024-9919 presents a valuable opportunity for offensive engagements. Here’s why:

Privilege Escalation: By exploiting this vulnerability, red-teamers can gain unauthorized access to system directories, enabling further privilege escalation.
System Disruption: The ability to delete directories can be leveraged to disrupt critical services, simulating real-world attack scenarios.
Stealthy Exploitation: The lack of authentication checks makes this vulnerability easy to exploit without leaving obvious traces, ideal for covert operations.

Example Scenario:
A red-team could use this vulnerability to delete configuration files or logs, effectively crippling a target system while obscuring their activities. This would force the blue team to focus on recovery rather than detection, providing the red team with additional time to achieve their objectives.

C-Suite Summary

For senior executives, the key takeaway is that CVE-2024-9919 represents a significant risk to systems running the affected software. The vulnerability allows attackers to delete directories without authentication, potentially leading to:

Data Loss: Critical files or configurations could be permanently deleted.
Operational Disruption: Systems may become inoperable, impacting business continuity.
Reputational Damage: Exploitation of this vulnerability could lead to public scrutiny and loss of trust.

Actionable Steps:

Patch Immediately: Ensure that all instances of parisneo/lollms-webui are updated to a patched version.
Monitor for Exploitation: Implement robust monitoring to detect unauthorized directory deletions.
Conduct Security Audits: Review system configurations to identify and mitigate similar vulnerabilities.

Conclusion

CVE-2024-9919 underscores the importance of rigorous authentication checks in software development. The vulnerability’s high severity and ease of exploitation make it a critical issue for organizations using parisneo/lollms-webui.

For red-teamers, this vulnerability offers a powerful tool for simulating real-world attacks, while for organizations, it serves as a reminder of the need for proactive vulnerability management.