CVE-2024-7010 Information

Description

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically in the context of password handling an attacker can determine valid login credentials based on the server’s response time potentially leading to unauthorized access.

Reference

https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad67c362 https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468