Lucene search
K

AnythingLLM - Information Disclosure

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 49 Views

AnythingLLM - Information Disclosure through `/api/setup-complete` API endpoint. Remote attacker can access sensitive configuration, obtain device admin right

Related
Refs
Code
id: CVE-2024-6842

info:
  name: AnythingLLM - Information Disclosure
  author: ingbunga,rahaaaiii,asteria121,breakpack,gy741
  severity: high
  description: |
    AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.
  remediation: |
    Update AnythingLLM to the latest version and implement proper authentication for the setup-complete API endpoint.
  impact: |
    An attacker can use the vulnerability to obtain device administrator rights.
  reference:
    - https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6842
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-6842
    cwe-id: CWE-200
    epss-score: 0.29187
    epss-percentile: 0.97935
  metadata:
    max-request: 1
    verified: true
    vendor: Mintplex Labs
    product: anything-llm
    shodan-query: title:"AnythingLLM"
  tags: cve,cve2024,unauth,exposure,anything-llm,mintplex-Labs,vuln,ai

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/setup-complete"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "AuthToken\":true", "ApiKey\":true")'
          - 'contains(header, "application/json")'
          - 'status_code == 200'
        condition: and

      - type: word
        part: body
        words:
          - '"AgentGoogleSearchEngineId":'
          - -"AgentGoogleSearchEngineKey":'
          - '"AgentSerperApiKey":'
          - '"AgentBingSearchApiKey":'
        condition: or
# digest: 4b0a00483046022100f24b915927c508ebcea62057d28ecc88686ad14d83194b9616ac60994c166acb022100ace4d2ee4fee5a1126c1dd00fbed63bdf30597ce5adc049dd71ad99a1ad79abd:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation