mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
References
Link | Resource |
---|---|
https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468 | Patch |
https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad67c362 | Exploit Third Party Advisory |
Configurations
History
14 Nov 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
13 Nov 2024, 14:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468 - Patch | |
References | () https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad67c362 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | CWE-203 | |
CPE | cpe:2.3:a:mudler:localai:2.17.1:*:*:*:*:*:*:* | |
First Time |
Mudler
Mudler localai |
29 Oct 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 13:15
Updated : 2024-11-14 14:15
NVD link : CVE-2024-7010
Mitre link : CVE-2024-7010
CVE.ORG link : CVE-2024-7010
JSON object : View
Products Affected
mudler
- localai
CWE
CWE-203
Observable Discrepancy