CVE-2024-8982

{"id": "CVE-2024-8982", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2025-03-20T10:15:45.463", "references": [{"url": "https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6", "source": "security@huntr.dev"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-29"}]}], "descriptions": [{"lang": "en", "value": "A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical data. Unauthorized access to critical server files, such as configuration files, user credentials (/etc/passwd), and private keys, can lead to a complete compromise of the system's security. Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment."}, {"lang": "es", "value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales (LFI) en OpenLLM versi\u00f3n 0.6.10 permite a los atacantes incluir archivos del servidor local a trav\u00e9s de la aplicaci\u00f3n web. Esta falla podr\u00eda exponer archivos internos del servidor e informaci\u00f3n potencialmente confidencial, como archivos de configuraci\u00f3n, contrase\u00f1as y otros datos cr\u00edticos. El acceso no autorizado a archivos cr\u00edticos del servidor, como archivos de configuraci\u00f3n, credenciales de usuario (/etc/passwd) y claves privadas, puede comprometer por completo la seguridad del sistema. Los atacantes podr\u00edan aprovechar la informaci\u00f3n expuesta para penetrar a\u00fan m\u00e1s en la red, extraer datos o escalar privilegios dentro del entorno."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@huntr.dev"}