CVE-2024-0550

Exploit

EPSS 1.15%
Veröffentlicht 28.02.2024 05:15:08
Zuletzt bearbeitet 10.01.2025 15:22:26
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.

The attacker would have to have been granted privileged permissions to the system before executing this attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mintplexlabs ≫ Anythingllm Version < 1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.15%	0.781

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev	9.6	3.1	5.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17

Patch

https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-0550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0550

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0550