CVE-2024-13060
CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...