Vulnerability Details CVE-2024-0550
A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.
The attacker would have to have been granted privileged permissions to the system before executing this attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 9.6
References
- https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17
- https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6
- https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17
- https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6
Products affected by CVE-2024-0550
-
cpe:2.3:a:mintplexlabs:anythingllm:-
-
cpe:2.3:a:mintplexlabs:anythingllm:0.0.1
-
cpe:2.3:a:mintplexlabs:anythingllm:0.1.0