CVE-2024-3101

Exploit

EPSS 0.78%
Veröffentlicht 10.04.2024 17:15:56
Zuletzt bearbeitet 09.07.2025 19:49:24
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mintplexlabs ≫ Anythingllm Version < 1.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.78%	0.51

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev	6.7	1.2	5.5	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2

Patch

https://huntr.com/bounties/c114c03e-3348-450f-88f7-538502047bcc

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-3101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3101

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-3101