1. Home
  2. CVE Database
  3. CVE-2024-6085
HIGH · 8.6

CVE-2024-6085

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings cha...

Vulnerability Description

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.

CVSS Score

8.6

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2024-6085?

CVE-2024-6085 is a vulnerability with a CVSS score of 8.6 (HIGH). A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings cha...

How severe is CVE-2024-6085?

CVE-2024-6085 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6085?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.