Vulnerability Details CVE-2024-10366
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 7.6
References