3 matches found
CVE-2024-0759
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...
CVE-2024-0759
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...
CVE-2024-0759
CVE-2024-0759 involves AnythingLLM enabling an attacker with internal-network access and manager/admin privileges to link-scrape IPs of other services on the same network. The root cause is exposure via a link collector that can be used without authentication, allowing internal IP discovery throu...