Lucene search
K

4 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10366

An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...

7.6CVSS0.00345EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:9 a.m.5 views

CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat

An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...

7.6CVSS7.1AI score0.00345EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat

An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...

7.6CVSS7.4AI score0.00345EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:9 a.m.45 views

CVE-2024-10366

The CVE-2024-10366 vulnerability affects danny-avila/librechat v0.7.5-rc2, where the delete-attachments endpoint does not verify that the attachment ID belongs to the current user. This IDOR allows any authenticated user (low privileges) to delete attachments of other users, with a network-style ...

7.6CVSS7.4AI score0.00345EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder