Mintplexlabs: >> Anythingllm >> 0.1.0 Security Vulnerabilities
Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.
CVSS Score
8.1
EPSS Score
0.007
Published
2024-02-27
Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.
It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.
The endpoint for exporting should simply be patched to a higher privilege level.
CVSS Score
7.1
EPSS Score
0.009
Published
2024-02-27
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.
This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.
There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.
CVSS Score
7.7
EPSS Score
0.004
Published
2024-02-27
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.
The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
CVSS Score
7.1
EPSS Score
0.003
Published
2024-02-26
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-02-26
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
7.5
EPSS Score
0.026
Published
2024-01-19
Page 5