Lucene search

@huntr_aiCVELIST:CVE-2024-0798

HistoryFeb 25, 2024 - 4:42 p.m.

CVE-2024-0798 Privilege Escalation in mintplex-labs/anything-llm

2024-02-2516:42:19

CWE-272

@huntr_ai

www.cve.org

privilege escalation

mintplex-labs/anything-llm

access control checks

document deletion

data integrity

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.3

Confidence

High

EPSS

Percentile

9.0%

JSON

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with ‘default’ role to delete documents uploaded by ‘admin’. Despite the intended restriction that prevents ‘default’ role users from deleting admin-uploaded documents, an attacker can exploit this vulnerability by sending a crafted DELETE request to the /api/system/remove-document endpoint. This vulnerability is due to improper access control checks, enabling unauthorized document deletion and potentially leading to loss of data integrity.

CNA Affected

[
  {
    "vendor": "mintplex-labs",
    "product": "mintplex-labs/anything-llm",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.0.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733

huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-0798