Vulnerability Details CVE-2024-0795
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 7.2
References
- https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564
- https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec
- https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564
- https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec
Products affected by CVE-2024-0795
-
cpe:2.3:a:mintplexlabs:anythingllm:-
-
cpe:2.3:a:mintplexlabs:anythingllm:0.0.1
-
cpe:2.3:a:mintplexlabs:anythingllm:0.1.0