Lucene search

GoogleOSV:CVE-2024-0551

HistoryFeb 27, 2024 - 2:15 p.m.

CVE-2024-0551

2024-02-2714:15:27

Google

osv.dev

cve-2024-0551

database export

default user role

access control

deterministic export name

user interface

download behavior

system security

endpoint patch

higher privilege level

software

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.

It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.

The endpoint for exporting should simply be patched to a higher privilege level.

References

github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8

huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for OSV:CVE-2024-0551