CVE-2024-0455

CVSS V2 None CVSS V3 None

Description

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance ``` which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it. The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.

Overview

CVE ID
CVE-2024-0455

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-02-25T08:10:17.100Z

Last Modified Date
2024-02-25T08:11:20.487Z

Weakness Enumerations

CWE	URL
CWE-918	http://cwe.mitre.org/data/definitions/918.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c
https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-0455
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0455

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 09:54:58				Added to TrackCVE