CVE-2024-3150

Privilege Escalation in mintplex-labs/anything-llm

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma relation query operation that manipulates the `users` model to change a user's role to admin. Successful exploitation grants attackers the highest level of user privileges, enabling them to see and perform all actions within the system.

En mintplex-labs/anything-llm, existe una vulnerabilidad en el proceso de actualización de subprocesos que permite a los usuarios con roles predeterminados o de administrador escalar sus privilegios a administrador. El problema surge de una validación de entrada incorrecta al manejar solicitudes HTTP POST al endpoint `/workspace/:slug/thread/:threadSlug/update`. Específicamente, la aplicación no puede validar o verificar la entrada del usuario antes de pasarla al modelo Prisma `workspace_thread` para su ejecución. Esta supervisión permite a los atacantes crear una operación de consulta de relación Prisma que manipula el modelo de "usuarios" para cambiar la función de un usuario a administrador. La explotación exitosa otorga a los atacantes el nivel más alto de privilegios de usuario, permitiéndoles ver y realizar todas las acciones dentro del sistema.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-01 CVE Reserved
2024-06-06 CVE Published
2025-01-09 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-755: Improper Handling of Exceptional Conditions

CAPEC

References (2)

URL	Tag	Source
https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc
https://huntr.com/bounties/745f5c80-14ea-4055-9f15-a066ae93e5a3

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mintplexlabs Search vendor "Mintplexlabs"		Anything-llm Search vendor "Mintplexlabs" for product "Anything-llm"				*		-		Affected
Mintplexlabs Search vendor "Mintplexlabs"		Anythingllm Search vendor "Mintplexlabs" for product "Anythingllm"				*		-		Affected