MintplexlabsAnythingllm

10 matches found

CVE-2024-0759 (added 2024/02/27 6:15 a.m., 121 views)

Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be ab...

CVSS 7.7, AI score 7.6, EPSS 0.00428
CVE-2024-0550 (added 2024/02/28 5:15 a.m., 114 views)

A user who is already privileged (manager or admin) can set their profile picture via the frontend API using a relative filepath, then use the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.

CVSS 9.6, AI score 9.3, EPSS 0.00718
CVE-2024-0798 (added 2024/02/26 4:27 p.m., 106 views)

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerabili...

CVSS 8.1, AI score 8.1, EPSS 0.00166
CVE-2024-0455 (added 2024/02/26 4:27 p.m., 102 views)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, or any user when in single-user mode) could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance, which is a special IP and URL th...

CVSS 9.9, AI score 9.4, EPSS 0.00131
CVE-2024-0551 (added 2024/02/27 2:15 p.m., 99 views)

Enables exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exportin...

CVSS 7.1, AI score 7, EPSS 0.00921
CVE-2024-0436 (added 2024/02/26 4:27 p.m., 97 views)

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-c...

CVSS 7.1, AI score 6.4, EPSS 0.00279
CVE-2024-0763 (added 2024/02/27 10:15 p.m., 95 views)

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.

CVSS 8.1, AI score 8.1, EPSS 0.00632
CVE-2024-0440 (added 2024/02/26 4:27 p.m., 89 views)

An attacker with permission to submit a link via POST to be collected, using the file:// protocol, can then introspect host files and other relatively stored files.

CVSS 9.6, AI score 9.3, EPSS 0.00137
CVE-2024-0435 (added 2024/02/26 4:27 p.m., 86 views)

A user can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given that the minimum requirement for a user to send a chat is to be given access to a workspace via an admin, the risk is low. Additionally, the location in which the XSS renders...

CVSS 8.1, AI score 7.9, EPSS 0.0037
CVE-2024-0439 (added 2024/02/26 4:27 p.m., 86 views)

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role, since most managers would not be savvy enough to modify these settings. They can still use their token to modify those settings, though, through a standard HTTP request W...

CVSS 8.8, AI score 6.9, EPSS 0.00216