CVE-2024-7010

Published Oct 29, 2024

Last updated 3 days ago

CVSS medium 5.9

Overview

Description: mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
Source: security@huntr.dev
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

security@huntr.dev: CWE-203
nvd@nist.gov: CWE-203

Hype score: Not currently trending

CVE-2024-7010 mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time… https://t.co/FaOwWxmlls
@CVEnew
29 Oct 2024
226 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mudler:localai:2.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDCAF2D5-46FD-4D8E-B65B-9BE9FDD5D686"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References