CVE-2024-9919: CWE-306 Missing Authentication for Critical Function in parisneo parisneo/lollms-webui
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.
AI Analysis
Technical Summary
CVE-2024-9919 identifies a critical security flaw in the parisneo/lollms-webui software, specifically in its uninstall API endpoint (/uninstall/{app_name}). The vulnerability arises because this endpoint fails to invoke the check_access() function, which is responsible for verifying the client_id and ensuring that only authorized users can perform uninstall operations. As a result, any attacker with network access to the service can invoke this endpoint without authentication, enabling unauthorized deletion of directories on the server. This missing authentication check corresponds to CWE-306 (Missing Authentication for Critical Function), a serious security weakness. The vulnerability affects unspecified versions of parisneo/lollms-webui, with a CVSS 3.0 base score of 8.4, indicating high severity. The attack vector is local (AV:L), meaning the attacker must have local or network access to the service, but no privileges (PR:N) or user interaction (UI:N) are required. The impact is severe, affecting confidentiality, integrity, and availability (all rated high), as attackers can delete critical files or directories, potentially leading to data loss, service outages, or further compromise. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially those deploying parisneo/lollms-webui in production environments handling sensitive or critical data. Unauthorized directory deletion can result in loss of important application data, configuration files, or user data, leading to service disruption and operational downtime. This can affect business continuity, data integrity, and confidentiality. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on this software could face severe operational and reputational damage. Additionally, the ease of exploitation without authentication increases the threat level, potentially enabling insider threats or lateral movement within compromised networks. The lack of known exploits in the wild offers a window for proactive mitigation, but the high severity score underscores the urgency of addressing this flaw.
Mitigation Recommendations
To mitigate CVE-2024-9919, organizations should immediately audit their parisneo/lollms-webui deployments to identify if the vulnerable uninstall endpoint is exposed. Specific recommendations include: 1) Implement strict authentication and authorization checks on the /uninstall/{app_name} API endpoint, ensuring the check_access() function or equivalent verification is enforced before any directory deletion operation. 2) Restrict network access to the web UI and API endpoints to trusted internal networks or VPNs, minimizing exposure to untrusted actors. 3) Employ application-layer firewalls or API gateways to monitor and block unauthorized requests targeting uninstall or destructive endpoints. 4) Regularly back up critical data and configuration files to enable recovery in case of deletion or tampering. 5) Monitor logs for unusual or unauthorized uninstall API calls to detect potential exploitation attempts. 6) Engage with the vendor or community for patches or updates addressing this vulnerability and apply them promptly once available. 7) Conduct security reviews and penetration tests focusing on authentication enforcement for all critical functions within the application.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium
CVE-2024-9919: CWE-306 Missing Authentication for Critical Function in parisneo parisneo/lollms-webui
Description
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.
AI-Powered Analysis
Technical Analysis
CVE-2024-9919 identifies a critical security flaw in the parisneo/lollms-webui software, specifically in its uninstall API endpoint (/uninstall/{app_name}). The vulnerability arises because this endpoint fails to invoke the check_access() function, which is responsible for verifying the client_id and ensuring that only authorized users can perform uninstall operations. As a result, any attacker with network access to the service can invoke this endpoint without authentication, enabling unauthorized deletion of directories on the server. This missing authentication check corresponds to CWE-306 (Missing Authentication for Critical Function), a serious security weakness. The vulnerability affects unspecified versions of parisneo/lollms-webui, with a CVSS 3.0 base score of 8.4, indicating high severity. The attack vector is local (AV:L), meaning the attacker must have local or network access to the service, but no privileges (PR:N) or user interaction (UI:N) are required. The impact is severe, affecting confidentiality, integrity, and availability (all rated high), as attackers can delete critical files or directories, potentially leading to data loss, service outages, or further compromise. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially those deploying parisneo/lollms-webui in production environments handling sensitive or critical data. Unauthorized directory deletion can result in loss of important application data, configuration files, or user data, leading to service disruption and operational downtime. This can affect business continuity, data integrity, and confidentiality. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on this software could face severe operational and reputational damage. Additionally, the ease of exploitation without authentication increases the threat level, potentially enabling insider threats or lateral movement within compromised networks. The lack of known exploits in the wild offers a window for proactive mitigation, but the high severity score underscores the urgency of addressing this flaw.
Mitigation Recommendations
To mitigate CVE-2024-9919, organizations should immediately audit their parisneo/lollms-webui deployments to identify if the vulnerable uninstall endpoint is exposed. Specific recommendations include: 1) Implement strict authentication and authorization checks on the /uninstall/{app_name} API endpoint, ensuring the check_access() function or equivalent verification is enforced before any directory deletion operation. 2) Restrict network access to the web UI and API endpoints to trusted internal networks or VPNs, minimizing exposure to untrusted actors. 3) Employ application-layer firewalls or API gateways to monitor and block unauthorized requests targeting uninstall or destructive endpoints. 4) Regularly back up critical data and configuration files to enable recovery in case of deletion or tampering. 5) Monitor logs for unusual or unauthorized uninstall API calls to detect potential exploitation attempts. 6) Engage with the vendor or community for patches or updates addressing this vulnerability and apply them promptly once available. 7) Conduct security reviews and penetration tests focusing on authentication enforcement for all critical functions within the application.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- @huntr_ai
- Date Reserved
- 2024-10-13T13:06:10.241Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 68ef9b30178f764e1f470f05
Added to database: 10/15/2025, 1:01:36 PM
Last enriched: 10/15/2025, 1:04:18 PM
Last updated: 10/16/2025, 12:01:49 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-11619: CWE-295 Improper Certificate Validation in Devolutions Devolutions Server
HighCVE-2025-43313: An app may be able to access sensitive user data in Apple macOS
MediumCVE-2025-43282: An app may be able to cause unexpected system termination in Apple iPadOS
MediumCVE-2025-43281: A local attacker may be able to elevate their privileges in Apple macOS
UnknownCVE-2025-43280: Forwarding an email could display remote images in Mail in Lockdown Mode in Apple iOS and iPadOS
UnknownActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.