CVE-2024-7010
CVE-2024-7010 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
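The comparison pattern behind this class of flaw, next to a constant-time replacement, as an added Go example; it is not LocalAI's code, which this page does not show. The function names and the sample credential are hypothetical, and the byte counter exists only to make the leak visible without timing measurements.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// leakyEqual is a hypothetical early-exit comparison: it stops at the first
// mismatching byte, so the work done (and the response time) grows with the
// length of the correctly guessed prefix. The second return value is the
// number of bytes inspected.
func leakyEqual(supplied, secret string) (bool, int) {
	if len(supplied) != len(secret) {
		return false, 0 // the length check itself also leaks the secret's length
	}
	for i := 0; i < len(secret); i++ {
		if supplied[i] != secret[i] {
			return false, i + 1
		}
	}
	return true, len(secret)
}

// constantTimeEqual hashes both inputs to a fixed 32 bytes, so the compare
// never depends on the input length, then uses crypto/subtle, whose run time
// does not depend on where the first difference is.
func constantTimeEqual(supplied, secret string) bool {
	a := sha256.Sum256([]byte(supplied))
	b := sha256.Sum256([]byte(secret))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

func main() {
	const secret = "sk-constructed-example-key" // constructed sample value
	for _, guess := range []string{
		"xx-constructed-example-key", // wrong at byte 0
		"sk-constructed-xxxxxxx-key", // wrong at byte 15
		"sk-constructed-example-key", // correct
	} {
		ok, n := leakyEqual(guess, secret)
		fmt.Printf("%q leaky=%v bytes_compared=%d constant_time=%v\n",
			guess, ok, n, constantTimeEqual(guess, secret))
	}
}
```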
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mudler | Localai | 2.17.1 |
Timeline
- Status: Modified
Source: NVD / NIST
