Anythingllm Security Vulnerabilities
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
9.8CVSS
9.2AI Score
0.001EPSS
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
9.1CVSS
9.2AI Score
0.0005EPSS
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
8.8CVSS
8.2AI Score
0.001EPSS
User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders...
8.1CVSS
7.7AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request W...
7.1CVSS
6.8AI Score
0.0004EPSS
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
9.6CVSS
9.1AI Score
0.0004EPSS
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input va...
8.1CVSS
7.9AI Score
0.0004EPSS
A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.
9.6CVSS
9.2AI Score
0.0004EPSS
Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exportin...
7.1CVSS
6.9AI Score
0.0004EPSS
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be ab...
7.7CVSS
7.5AI Score
0.0004EPSS
Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.
8.1CVSS
8AI Score
0.0004EPSS
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit access...
9.6CVSS
9.1AI Score
0.0004EPSS
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance
7.2CVSS
7AI Score
0.0004EPSS
A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerabili...
8.1CVSS
8.1AI Score
0.0004EPSS
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of serv...
7.5CVSS
7.5AI Score
0.0005EPSS
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the appli...
7.2CVSS
6.9AI Score
0.0004EPSS
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multi_user_mode'. The vulnerabi...
9CVSS
8.8AI Score
0.0004EPSS
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific ...
9.1CVSS
9AI Score
0.0004EPSS
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...
6.7CVSS
6.6AI Score
0.0004EPSS
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks w...
5.3CVSS
7.6AI Score
0.0004EPSS
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of arbitra...
9.6CVSS
9.4AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by host...
9.6CVSS
7.2AI Score
0.0004EPSS
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Serv...
8.8CVSS
9.2AI Score
0.0004EPSS
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents ...
6.5CVSS
7AI Score
0.0004EPSS
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of t...
9.1CVSS
9AI Score
0.0004EPSS
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling...
7.2CVSS
7AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
7.5CVSS
7.2AI Score
0.001EPSS
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a ...
8.1CVSS
7.8AI Score
0.0004EPSS
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
6.5CVSS
6.5AI Score
0.0004EPSS
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...
9.1CVSS
9.2AI Score
0.0004EPSS
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after account creations (POST /api/admin/users/new). This exposure occurs because the entire User object,...
6.5CVSS
5.2AI Score
0.0005EPSS
A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the...
7.5CVSS
7.5AI Score
0.0004EPSS