CVE-2024-56137 — MEDIUM (6.8)

Q: How severe is CVE-2024-56137?

CVE-2024-56137 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-56137?

Check the references section above for vendor advisories and patch information. Affected products include: Maxkb Maxkb.

Vulnerability Description

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Maxkb	Maxkb	< 1.9.0

Related Weaknesses (CWE)

CWE-78

References

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85ExploitVendor Advisory
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85ExploitVendor Advisory

FAQ

What is CVE-2024-56137?

CVE-2024-56137 is a vulnerability with a CVSS score of 6.8 (MEDIUM). MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0,...

How severe is CVE-2024-56137?

CVE-2024-56137 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-56137?

Check the references section above for vendor advisories and patch information. Affected products include: Maxkb Maxkb.