Mintplexlabs: Security Vulnerabilities
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL
```
http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
```
which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it.
The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-02-26
Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-01-25
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
7.5
EPSS Score
0.02
Published
2024-01-19
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-10-30
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-30
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-09-12
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-09-12
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
CVSS Score
8.7
EPSS Score
0.001
Published
2023-09-11
Page 6