CVE-2024-7010

MEDIUM EPSS 40.9%
Published Oct 29, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
5.9 CVSS 3.1
Medium

Description

mudler/localai version 2.17.1 is vulnerable to a timing attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.

CVSS Details

Base Score 5.9
Exploitability 2.2
Impact 3.6
Vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
40.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-203
CWE-208

Affected Products 1

Vendor   Product   Version   Range
mudler   localai   2.17.1    any

References 2

  • github.com https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468
    Patch
  • huntr.com https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad67c362
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468
    Patch