CVE-2024-0765

Exploit

EPSS 0.58%
Veröffentlicht 03.03.2024 15:15:07
Zuletzt bearbeitet 08.01.2025 14:32:04
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.

This would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mintplexlabs ≫ Anythingllm Version < 1.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.43

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev	9.6	3.1	5.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2

Patch

https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-0765

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0765

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0765

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0765