Vulnerability Details CVE-2024-10109
A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.6%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2024-10109
-
cpe:2.3:a:mintplexlabs:anythingllm:-
-
cpe:2.3:a:mintplexlabs:anythingllm:0.0.1
-
cpe:2.3:a:mintplexlabs:anythingllm:0.1.0
-
cpe:2.3:a:mintplexlabs:anythingllm:1.0.0
-
cpe:2.3:a:mintplexlabs:anythingllm:1.1.0
-
cpe:2.3:a:mintplexlabs:anythingllm:1.1.1
-
cpe:2.3:a:mintplexlabs:anythingllm:1.2.0
-
cpe:2.3:a:mintplexlabs:anythingllm:1.2.1