What is CVE-2024-37895?

CVE-2024-37895 is a medium-severity vulnerability in Lobehub Lobe-chat, classified under Information Disclosure. CVSS score: 5.7/10. Published 2024-06-17.

How severe is CVE-2024-37895?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Information disclosure in Lobehub Lobe-chat

CVE-2024-37895

Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on th…

Vulnerability class: Information Disclosure

EPSS: 0.005 (64.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Lobehub Lobe-chat — versions < 0.162.25

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/lobehub/lobe-chat/security/advisories/GHSA-p36r-qxgx-jq2v (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-37895?: CVE-2024-37895 is a medium-severity vulnerability in Lobehub Lobe-chat, classified under Information Disclosure. CVSS score: 5.7/10. Published 2024-06-17.
How severe is CVE-2024-37895?: Medium severity. CVSS v3 base score is 5.7 out of 10.