Home > Vulnerability Database > CVE-2024-8982

Mend.io Vulnerability Database

CVE-2024-8982

Good to know:

Date: March 20, 2025

A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical data. Unauthorized access to critical server files, such as configuration files, user credentials (/etc/passwd), and private keys, can lead to a complete compromise of the system's security. Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment.

Severity Score

6.2

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8982

Url: https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6

Url: https://www.mend.io/vulnerability-database/CVE-2024-8982

Severity Score

6.2

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

Top Fix

Upgrade Version

Upgrade to version openllm - 0.6.11;OpenLLM - 0.0.3

Learn More

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8982

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?