CVE-2024-0759

CVSS V2 None CVSS V3 None

Description

Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced. There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.

Overview

CVE ID
CVE-2024-0759

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-02-27T05:12:38.318Z

Last Modified Date
2024-03-07T19:59:40.961Z

Weakness Enumerations

CWE	URL
CWE-918	http://cwe.mitre.org/data/definitions/918.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b
https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-0759
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0759

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 09:40:34				Added to TrackCVE