Lucene search
@huntr_aiCVE-2024-0440HistoryFeb 26, 2024 - 4:27 p.m.
CVE-2024-0440
2024-02-2616:27:50
CWE-918
@huntr_ai
web.nvd.nist.gov
69
cve-2024-0440
attacker
link submission
post
file:// protocol
introspection
host files
nvd
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
AI Score
9.1
Confidence
High
EPSS
0
Percentile
9.0%
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
Affected configurations
Node
mintplex-labsmintplex-labs\/anything-llmMatch1.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mintplex-labs | mintplex-labs\/anything-llm | 1.0.0 | cpe:2.3:a:mintplex-labs:mintplex-labs\/anything-llm:1.0.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "mintplex-labs",
"product": "mintplex-labs/anything-llm",
"versions": [
{
"version": "unspecified",
"lessThan": "1.0.0",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-0440
2024-02-26 16:27:50
prion
prion
Design/Logic Flaw
2024-02-26 16:27:00
cvelist
cvelist
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
2024-02-25 19:00:42
osv
osv
CVE-2024-0440
2024-02-26 16:27:50
vulnrichment
vulnrichment
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files
2024-02-25 19:00:42
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
AI Score
9.1
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-0440