Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2024-9919: CWE-306 Missing Authentication for Critical Function in parisneo parisneo/lollms-webui

0
High
VulnerabilityCVE-2024-9919cvecve-2024-9919cwe-306
Published: Thu Mar 20 2025 (03/20/2025, 10:09:56 UTC)
Source: CVE Database V5
Vendor/Project: parisneo
Product: parisneo/lollms-webui

Description

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.

AI-Powered Analysis

AILast updated: 10/15/2025, 13:04:18 UTC

Technical Analysis

CVE-2024-9919 identifies a critical security flaw in the parisneo/lollms-webui software, specifically in its uninstall API endpoint (/uninstall/{app_name}). The vulnerability arises because this endpoint fails to invoke the check_access() function, which is responsible for verifying the client_id and ensuring that only authorized users can perform uninstall operations. As a result, any attacker with network access to the service can invoke this endpoint without authentication, enabling unauthorized deletion of directories on the server. This missing authentication check corresponds to CWE-306 (Missing Authentication for Critical Function), a serious security weakness. The vulnerability affects unspecified versions of parisneo/lollms-webui, with a CVSS 3.0 base score of 8.4, indicating high severity. The attack vector is local (AV:L), meaning the attacker must have local or network access to the service, but no privileges (PR:N) or user interaction (UI:N) are required. The impact is severe, affecting confidentiality, integrity, and availability (all rated high), as attackers can delete critical files or directories, potentially leading to data loss, service outages, or further compromise. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially those deploying parisneo/lollms-webui in production environments handling sensitive or critical data. Unauthorized directory deletion can result in loss of important application data, configuration files, or user data, leading to service disruption and operational downtime. This can affect business continuity, data integrity, and confidentiality. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on this software could face severe operational and reputational damage. Additionally, the ease of exploitation without authentication increases the threat level, potentially enabling insider threats or lateral movement within compromised networks. The lack of known exploits in the wild offers a window for proactive mitigation, but the high severity score underscores the urgency of addressing this flaw.

Mitigation Recommendations

To mitigate CVE-2024-9919, organizations should immediately audit their parisneo/lollms-webui deployments to identify if the vulnerable uninstall endpoint is exposed. Specific recommendations include: 1) Implement strict authentication and authorization checks on the /uninstall/{app_name} API endpoint, ensuring the check_access() function or equivalent verification is enforced before any directory deletion operation. 2) Restrict network access to the web UI and API endpoints to trusted internal networks or VPNs, minimizing exposure to untrusted actors. 3) Employ application-layer firewalls or API gateways to monitor and block unauthorized requests targeting uninstall or destructive endpoints. 4) Regularly back up critical data and configuration files to enable recovery in case of deletion or tampering. 5) Monitor logs for unusual or unauthorized uninstall API calls to detect potential exploitation attempts. 6) Engage with the vendor or community for patches or updates addressing this vulnerability and apply them promptly once available. 7) Conduct security reviews and penetration tests focusing on authentication enforcement for all critical functions within the application.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
@huntr_ai
Date Reserved
2024-10-13T13:06:10.241Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 68ef9b30178f764e1f470f05

Added to database: 10/15/2025, 1:01:36 PM

Last enriched: 10/15/2025, 1:04:18 PM

Last updated: 10/16/2025, 12:01:49 AM

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats