5.4

CVE-2024-10363

Exploit

EPSS 0.08%
Veröffentlicht 20.03.2025 10:10:19
Zuletzt bearbeitet 15.10.2025 13:15:35
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Librechat ≫ Librechat Version0.7.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.239

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://huntr.com/bounties/41a1137d-e725-4fec-b04c-58555cb16b6b

Third Party Advisory

Exploit

https://github.com/danny-avila/librechat/commit/42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-10363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10363

EUVD