Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/03/22 11:43 a.m.12 views

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

7.5CVSS6.5AI score0.29187EPSS
Exploits1References1
nvd
nvd
added 2025/03/20 10:15 a.m.12 views

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

7.5CVSS0.29187EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/03/20 10:10 a.m.10 views

CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

7.5CVSS7.4AI score0.29187EPSS
Exploits1References2
cve
cve
added 2025/03/20 10:10 a.m.147 views

CVE-2024-6842

AnythingLLM (mintplex-labs/anything-llm) version 1.5.5 contains an information-disclosure vulnerability via the /setup-complete (or /api/setup-complete) endpoint, allowing remote, unauthenticated access to currentSettings that can include sensitive API keys for search engines. This enables potent...

7.5CVSS7.4AI score0.29187EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/03/20 10:10 a.m.15 views

CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

7.5CVSS0.29187EPSS
Exploits1References2
Rows per page
Query Builder