CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an admin role and then using this new account to gain elevated privileges on the instance.
[
  {
    "vendor": "mintplex-labs",
    "product": "mintplex-labs/anything-llm",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]
[
  {
    "cpes": [
      "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mintplexlabs",
    "product": "anythingllm",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]