CVE-2024-0439

CVSS V2 None CVSS V3 None

Description

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.

Overview

CVE ID
CVE-2024-0439

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-02-25T19:48:56.527Z

Last Modified Date
2024-02-25T19:48:56.527Z

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce
https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-0439
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0439

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 10:40:19				Added to TrackCVE