6 matches found
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060
CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...
PT-2021-3831 · Microsoft · Windows User Profile Service +1
Name of the Vulnerable Software and Affected Versions: Windows User Profile Service ProfSvc affected versions not specified Description: The issue is related to insufficient access restrictions in the implementation of the user account profile picture in the Windows User Profile Service. It allow...