182 matches found
PT-2024-26638 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository (affected versions not specified). Description: A Denial of Service (DoS) issue exists when the application is running in 'just me' mode with a password. An attacker can exploit this by making a request to the...
CVE-2024-0798 Privilege Escalation in mintplex-labs/anything-llm
A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this...
CVE-2023-5832
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2023-5833
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
Improper access control
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2023-5833 Improper Access Control in mintplex-labs/anything-llm
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2023-5833
The connected Huntr document provides concrete details for CVE-2023-5833: an improper access control flaw in mintplex-labs/anything-llm prior to 0.1.0 that allows overwriting backend environment variables via the /api/system/update-env endpoint. The vulnerability arises from how KEY_MAPPING expos...
CVE-2023-5832
CVE-2023-5832 affects mintplex-labs/anything-llm prior to 0.1.0. Root cause: improper input validation in the HTTP API that handles a filename parameter, enabling path traversal and, in some reports, arbitrary file deletion (PoC shows deletion of files like ../../server/storage/anythingllm.db). I...
PT-2023-32365 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 0.1.0. Description: The issue is related to improper access control in the GitHub repository mintplex-labs/anything-llm. Recommendations: For versions prior to 0.1.0, update to version 0.1.0 or late...
CVE-2023-4899
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4898
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4899 SQL Injection in mintplex-labs/anything-llm
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4899
The CVE-2023-4899 entry concerns a SQL Injection vulnerability in mintplex-labs/anything-llm (versions prior to 0.0.1). The Red Hat/NVD/NVD-derived entries align on the vulnerability class, with the Huntr PoC detailing a concrete flaw in the /api/workspace/:slug endpoint where the slug parameter ...
CVE-2023-4898 Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4897
CVE-2023-4897 describes a Relative Path Traversal in mintplex-labs/anything-llm prior to 0.0.1. The vulnerability stems from insufficient validation of the filename parameter in the data-exports endpoint, allowing a crafted request to traverse directories and access sensitive local files as demon...