CVE-2024-7010
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mudler | mudler/localai | unspecified < 2.21 | affected |
Weaknesses
- CWE-208: CWE-208 Observable Timing Discrepancy
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad67c362
- https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.