4 matches found
CVE-2024-10366
An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat
An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat
An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
CVE-2024-10366
The CVE-2024-10366 vulnerability affects danny-avila/librechat v0.7.5-rc2, where the delete-attachments endpoint does not verify that the attachment ID belongs to the current user. This IDOR allows any authenticated user (low privileges) to delete attachments of other users, with a network-style ...