
CVE-2024-3033 – Improper Authorization in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3033
06 Jun 2024 — An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can... • https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a • CWE-285: Improper Authorization; CWE-863: Incorrect Authorization •

CVE-2024-3152 – Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3152
06 Jun 2024 — mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endp... • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc • CWE-20: Improper Input Validation; CWE-755: Improper Handling of Exceptional Conditions •

CVE-2024-4084 – SSRF vulnerability in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-4084
05 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172, 10, and 127 through regular expressions and limit access protocols to HTTP and HTTPS, attackers can still bypass these restrictions using alternative representations of IP addresses and accessing other ports run... • https://huntr.com/bounties/bf44517e-a07d-4f54-89b4-3b05fca2a008 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-4286 – Improper Neutralization of Special Elements in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-4286
26 May 2024 — Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability arises from the application's handling of user modifications by managers or admins, allowing for the modification of all existing attributes of the `user` database entity without proper checks or sanitization. This flaw can be exploited to delete user threads, denying users acce... • https://github.com/mintplex-labs/anything-llm/commit/1b35bcbeab10b77e6dbd263cceecf1b965a40789 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVE-2024-4287 – Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-4287
20 May 2024 — In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. • https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18 • CWE-20: Improper Input Validation •

CVE-2024-3029 – Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3029
16 Apr 2024 — In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multi_user_mode'. The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application. • https://github.com/mintplex-labs/anything-llm/commit/99cfee1e7025fe9a0919a4d506ba1e1b819f6073 • CWE-20: Improper Input Validation •

CVE-2024-0549 – Relative Path Traversal in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-0549
16 Apr 2024 — mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability. • https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62 • CWE-23: Relative Path Traversal •

CVE-2024-3028 – Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3028
16 Apr 2024 — mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the application's '.env' file, and even delete files by setting the 'logo_filename' to the path of the target file and invoking the 'remove-logo' API endpoint. This vulnerability is due to the lack of proper sanitization o... • https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce • CWE-20: Improper Input Validation •

CVE-2024-3101 – Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3101
10 Apr 2024 — In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access. • https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2 • CWE-20: Improper Input Validation •

CVE-2024-3283 – Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3283
10 Apr 2024 — A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiab... • https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •