CVE-2024-0763

CVSS V2 None CVSS V3 None

Description

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.

Overview

CVE ID
CVE-2024-0763

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-02-27T21:14:56.552Z

Last Modified Date
2024-02-27T21:15:58.863Z

Weakness Enumerations

CWE	URL
CWE-20	http://cwe.mitre.org/data/definitions/20.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5
https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-0763
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0763

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 10:30:37				Added to TrackCVE