VULNRICHMENT:CVE-2024-0795 (source: vulnrichment, reporter @huntr_ai)
Published: Mar 02, 2024, 9:16 p.m.

CVE-2024-0795 Create user API role not enforced

CWE-284
Reporter: @huntr_ai
Reference: github.com
Tags: cve-2024-0795, user api, role enforcement, backend authentication, elevated privileges

CVSS 3.0 base score: 7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

SSVC

Exploitation: poc
Automatable: no
Technical Impact: total

If an attacker has been given access to an instance with the admin or manager role, there is no backend authorization check that prevents them from creating a new user with the admin role through the create-user API, and then using that new account to operate with elevated privileges on the instance. The escalation that matters is from the manager role, since an admin already holds the highest privileges; the server trusts the role supplied in the request instead of deciding which roles the caller is allowed to grant. This is why both CVSS assessments below score Privileges Required as HIGH.
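The following is an added example, not code from the AnythingLLM project, that models the bug class described above: a create-user handler that authenticates the caller as admin-or-manager but never checks which role that caller may assign, shown next to a hardened version where the server owns the decision. The role names ("admin", "manager", "default"), the request shape and the in-memory store are assumptions made for this illustration.

```javascript
// Added example, not AnythingLLM's code. It models the bug class in
// CVE-2024-0795: a create-user endpoint that authenticates the caller as
// admin-or-manager but never checks which role the caller may assign.
// Role names ("admin", "manager", "default"), the request shape and the
// in-memory store are assumptions made for this illustration.

const ROLES = ["admin", "manager", "default"];

// Vulnerable pattern: the gate only asks "is the caller admin or manager?"
// and then copies body.role straight into the new account. A manager can
// therefore mint an admin account and log in with it.
function createUserVulnerable(caller, body, store) {
  if (!["admin", "manager"].includes(caller.role)) {
    return { status: 403, error: "forbidden" };
  }
  const user = { id: store.length + 1, username: body.username, role: body.role };
  store.push(user);
  return { status: 200, user };
}

// Hardened pattern: the server, not the request body, decides which roles a
// given caller is allowed to grant. A manager may create managers and
// default users; only an admin may create another admin.
const GRANTABLE_BY_ROLE = {
  admin: new Set(["admin", "manager", "default"]),
  manager: new Set(["manager", "default"]),
};

function createUserHardened(caller, body, store) {
  const grantable = GRANTABLE_BY_ROLE[caller.role];
  if (!grantable) {
    return { status: 403, error: "forbidden" };
  }
  // Unknown role strings are rejected rather than stored, so a typo or a
  // crafted value cannot slip past the allow-list check below.
  const role = body.role === undefined ? "default" : body.role;
  if (!ROLES.includes(role)) {
    return { status: 400, error: `unknown role ${role}` };
  }
  if (!grantable.has(role)) {
    return { status: 403, error: `${caller.role} may not create ${role} users` };
  }
  if (typeof body.username !== "string" || body.username.length === 0) {
    return { status: 400, error: "username required" };
  }
  const user = { id: store.length + 1, username: body.username, role };
  store.push(user);
  return { status: 200, user };
}

// Regression check a reviewer would keep next to the endpoint: replay the
// manager-creates-admin request against both handlers and report whether an
// admin account ended up in each store.
function escalationCheck() {
  const manager = { id: 2, username: "mgr", role: "manager" };
  const request = { username: "backdoor", role: "admin" };
  const vulnerableStore = [];
  const hardenedStore = [];
  const vulnerable = createUserVulnerable(manager, request, vulnerableStore);
  const hardened = createUserHardened(manager, request, hardenedStore);
  return {
    vulnerableStatus: vulnerable.status,
    vulnerableCreatedAdmin: vulnerableStore.some((u) => u.role === "admin"),
    hardenedStatus: hardened.status,
    hardenedCreatedAdmin: hardenedStore.some((u) => u.role === "admin"),
  };
}

console.log(escalationCheck());
```

The fix is an authorization rule, not an authentication one: the caller is already logged in and already privileged, so the check has to compare the requested role against what that caller's own role is permitted to grant, server-side, on every request.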

CNA Affected

[
  {
    "vendor": "mintplex-labs",
    "product": "mintplex-labs/anything-llm",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mintplexlabs",
    "product": "anythingllm",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

