CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3150 – Privilege Escalation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3150
06 Jun 2024 — In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma r... • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0404 – Mass Assignment Vulnerability in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-0404
16 Apr 2024 — A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with `admin` value, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and pe... • https://github.com/mintplex-labs/anything-llm/commit/8cd3a92c660b202655d99bee90b2864694c99946 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0455 – SSRF on AWS deployed instances of AnythingLLM via /metadata
https://notcve.org/view.php?id=CVE-2024-0455
25 Feb 2024 — The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance ``` which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of wh... • https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4899 – SQL Injection in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2023-4899
11 Sep 2023 — SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Inyección SQL en el repositorio de GitHub mintplex-labs/anything-llm anterior a 0.0.1. • https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4898 – Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2023-4898
11 Sep 2023 — Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Omisión de autenticación por debilidad principal en el repositorio de GitHub mintplex-labs/anything-llm anterior a 0.0.1. • https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e • CWE-305: Authentication Bypass by Primary Weakness •