CVE-2024-4328 Overview
CVE-2024-4328 is a Cross-Site Request Forgery (CSRF) vulnerability in the clear_personality_files_list function of parisneo/lollms-webui version 9.6. The function processes a GET request to clear personality files without validating request origin or requiring an anti-CSRF token. An attacker can craft a malicious web page that, when visited by an authenticated user, triggers the file-clearing operation without consent. The flaw is classified under CWE-352 and affects integrity and availability of user data managed by the application.
Critical Impact
A remote attacker can delete personality files belonging to an authenticated lollms-webui user by luring the victim to a malicious page, with no credentials required by the attacker.
Affected Products
- parisneo lollms-webui v9.6
- parisneo:lollms_web_ui package (CPE: cpe:2.3:a:parisneo:lollms_web_ui:9.6)
- Deployments exposing the lollms-webui interface to network-reachable browsers
Discovery Timeline
- 2024-06-10 - CVE-2024-4328 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2024-4328
Vulnerability Analysis
The clear_personality_files_list endpoint in lollms-webui v9.6 performs a state-changing action — deletion of personality files — in response to an HTTP GET request. The endpoint does not validate a CSRF token, check the Origin or Referer header, or require user re-authentication. Because GET requests can be issued automatically by browsers when loading images, iframes, or scripts from a third-party page, this design allows silent invocation. The vulnerability targets data integrity and availability rather than confidentiality, since the attacker triggers destructive actions but does not read responses. User interaction is required: the victim must visit an attacker-controlled page while authenticated to a lollms-webui instance.
Root Cause
The root cause is two-fold. First, a state-changing operation is exposed over an HTTP GET method, violating REST safety conventions that reserve GET for idempotent, side-effect-free reads. Second, the endpoint lacks any CSRF defense mechanism — no synchronizer token, no double-submit cookie, no SameSite cookie enforcement, and no origin validation. Session credentials are therefore attached automatically by the browser to any cross-origin request reaching the endpoint.
Attack Vector
An attacker hosts a page containing an HTML element such as <img src="http://victim-host:port/clear_personality_files_list"> or an auto-submitting form. When an authenticated lollms-webui user loads that page, the browser issues the GET request with the user's session cookie. The server processes the request as legitimate and clears the personality files list. No attacker-side credentials are needed and no visible response is required.
No verified public exploit code is available. Refer to the Huntr Bounty Listing for the original technical write-up.
Detection Methods for CVE-2024-4328
Indicators of Compromise
- Unexpected deletion or emptying of personality files in lollms-webui storage directories
- Web server access logs showing GET requests to /clear_personality_files_list with a Referer header pointing to an untrusted external domain
- GET requests to the endpoint lacking a same-origin Referer or Origin header value
Detection Strategies
- Audit reverse-proxy and application logs for invocations of clear_personality_files_list and correlate timestamps with file-deletion events on disk
- Alert on cross-origin requests to lollms-webui endpoints by inspecting Origin and Referer header mismatches at a web application firewall
- Monitor file system telemetry for bulk deletions inside the lollms-webui personalities data directory
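The log review described in the indicators and strategies above, as an added example (not part of the advisory or the lollms-webui project): it scans combined-format access logs for GETs to the vulnerable endpoint whose Referer does not name the application host. The host name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed hostname of the lollms-webui deployment (not from the advisory).
APP_HOST = "lollms.internal"
ENDPOINT = "/clear_personality_files_list"

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def referer_is_same_origin(referer, app_host):
    """True only when the Referer names the application host itself."""
    if not referer or referer == "-":
        return False          # no Referer: cannot prove the request came from the app
    return urlsplit(referer).hostname == app_host

def suspicious_hits(log_text, app_host=APP_HOST):
    """Return (ip, time, referer, status) for endpoint GETs that are not provably same-origin."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]      # ignore any query string
        if (m["method"] == "GET" and path == ENDPOINT
                and not referer_is_same_origin(m["referer"], app_host)):
            hits.append((m["ip"], m["time"], m["referer"], int(m["status"])))
    return hits

# Constructed sample log: an in-app call, a forged <img>-style load from a lure page,
# and an unrelated request. Only the second should be reported.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2024:12:00:01 +0000] "GET /clear_personality_files_list HTTP/1.1" 200 12 "http://lollms.internal/" "Mozilla/5.0"
10.0.0.5 - - [10/Jun/2024:12:03:44 +0000] "GET /clear_personality_files_list HTTP/1.1" 200 12 "http://attacker.example/lure.html" "Mozilla/5.0"
10.0.0.7 - - [10/Jun/2024:12:04:10 +0000] "GET /list_personalities HTTP/1.1" 200 512 "http://lollms.internal/" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG):
        print("possible CSRF trigger:", hit)
```

Hits with an empty or "-" Referer are lower confidence (privacy settings can strip the header), so correlate them with file-deletion events on disk as the strategy above suggests.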
Monitoring Recommendations
- Forward lollms-webui application logs and host file-integrity events into a centralized log platform for correlation against user session activity
- Track per-user request rates to state-changing endpoints and flag activity originating from non-application referrers
- Review browser session telemetry for users who interact with both internal lollms-webui hosts and external untrusted sites in the same session
How to Mitigate CVE-2024-4328
Immediate Actions Required
- Restrict network exposure of lollms-webui v9.6 to trusted hosts only, ideally behind a VPN or authenticated reverse proxy
- Instruct users not to remain authenticated to lollms-webui while browsing untrusted sites in the same browser profile
- Upgrade to a lollms-webui release later than v9.6 that addresses the CSRF defect once available from the maintainer
Patch Information
No vendor advisory URL is listed in the NVD record at publication. Monitor the Huntr Bounty Listing and the upstream parisneo/lollms-webui repository for fix commits that convert the endpoint to POST and add CSRF token validation.
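The fix pattern named here and in Root Cause above (POST-only endpoint, synchronizer token bound to the session, Origin/Referer validation), as an added framework-neutral Python example that is not lollms-webui's code; the application origin, the session layout and the request shape are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

APP_ORIGIN = "https://lollms.internal"   # assumed origin of the deployment (not from the advisory)

@dataclass
class Session:
    """Server-side session; the synchronizer token is bound to it, never to the request."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    headers: dict      # header names assumed lower-cased by the server
    form: dict         # parsed body fields
    session: Session

def _origin_matches(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is this deployment."""
    src = headers.get("origin") or headers.get("referer")
    if not src:
        return False
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == APP_ORIGIN

def authorize_state_change(req):
    """Return (status, reason); 200 only when every CSRF control passes."""
    if req.method != "POST":
        return 405, "state change requires POST"   # defeats <img>/<script>/<iframe> GET triggers
    if not _origin_matches(req.headers):
        return 403, "cross-origin request"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "ok"

def clear_personality_files(req, files):
    """Hardened handler: clear the (in-memory) personality file list only when authorized."""
    status, reason = authorize_state_change(req)
    if status == 200:
        files.clear()
    return status, files
```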
Workarounds
- Place lollms-webui behind a reverse proxy that blocks GET requests to /clear_personality_files_list or requires a custom header set by the application
- Configure session cookies with SameSite=Strict to prevent the browser from attaching them to cross-site requests
- Deploy a web application firewall rule that rejects requests to state-changing endpoints when the Origin header does not match the application host
- Use a separate browser profile for lollms-webui access to isolate session cookies from general browsing
# Example reverse-proxy rule (nginx) for the vulnerable endpoint: rejects every GET
# (the method the CSRF trigger relies on) and, for the remaining methods, requires an
# Origin header naming this deployment. Replace your-lollms-host and lollms_backend
# with the real host name and upstream block name.
location = /clear_personality_files_list {
    # Note: this also blocks the application's own GET-based call in v9.6, so use it
    # only where disabling the clear function is an acceptable trade-off.
    if ($request_method = GET) { return 405; }
    if ($http_origin !~ "^https?://your-lollms-host(:[0-9]+)?$") { return 403; }
    proxy_pass http://lollms_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.