CVE-2024-0765 CRITICAL

CVE-2024-0765: Default user role exporting save state of instance

Vendor Mintplex-Labs

Product mintplex-labs/anything-llm

Weakness CWE-200 · Info exposure

Published March 3, 2024

Last update August 16, 2024

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured.

Key dates

02Disclosure timeline

March 3, 2024 CVE published

August 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-0765

Related vulnerabilities

Identifiers

CVE CVE-2024-0765

CWE CWE-200

CVSS 9.6 / CRITICAL

Affected versions