CVE-2024-5211

Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm

Severity Score

9.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in the 'storage' directory, such as internal communication keys and .env secrets. Exploitation of this vulnerability could lead to application compromise, denial of service (DoS) attacks, and unauthorized admin account takeover. The issue stems from improper validation of user-supplied input in the process of setting a custom logo for the app, which can be manipulated to achieve arbitrary file read, deletion, or overwrite, and to execute a DoS attack by deleting critical files required for the application's operation.

Una vulnerabilidad de path traversal en mintplex-labs/anything-llm permitió a un administrador omitir la función `normalizePath()`, destinada a defenderse contra ataques de path traversal. Esta vulnerabilidad permite al administrador leer, eliminar o sobrescribir el archivo de base de datos 'anythingllm.db' y otros archivos almacenados en el directorio de 'almacenamiento', como claves de comunicación interna y secretos .env. La explotación de esta vulnerabilidad podría comprometer la aplicación, ataques de denegación de servicio (DoS) y apropiación no autorizada de cuentas de administrador. El problema surge de la validación inadecuada de la entrada proporcionada por el usuario en el proceso de configuración de un logotipo personalizado para la aplicación, que puede manipularse para lograr lectura, eliminación o sobrescritura arbitraria de archivos, y para ejecutar un ataque DoS eliminando archivos críticos necesarios para el funcionamiento de la aplicación.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-06-12 CVE Published
2024-08-01 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-29: Path Traversal: '\..\filename'

CAPEC

References (2)

URL	Tag	Source
https://github.com/mintplex-labs/anything-llm/commit/e208074ef4c240fe03e4147ab097ec3b52b97619
https://huntr.com/bounties/38f282cb-7226-435e-9832-2d4a102dad4b

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mintplexlabs Search vendor "Mintplexlabs"		Anythingllm Search vendor "Mintplexlabs" for product "Anythingllm"				*		-		Affected