Lucene search

@huntr_aiCVE-2024-0795

HistoryMar 02, 2024 - 10:15 p.m.

CVE-2024-0795

2024-03-0222:15:49

CWE-284

@huntr_ai

web.nvd.nist.gov

cve-2024-0795

nvd

security

authentication

privilege escalation

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance

Affected configurations

Vulners

Vulnrichment

Node

mintplex-labsmintplex-labs\/anything-llmMatch1.0.0

VendorProductVersionCPE
mintplex-labsmintplex-labs\/anything-llm1.0.0cpe:2.3:a:mintplex-labs:mintplex-labs\/anything-llm:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mintplex-labs	mintplex-labs\/anything-llm	1.0.0	cpe:2.3:a:mintplex-labs:mintplex-labs\/anything-llm:1.0.0:::::::*

CNA Affected

[
  {
    "vendor": "mintplex-labs",
    "product": "mintplex-labs/anything-llm",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.0.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564

huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-0795