CVE-2024-3025

CVSS V2 None CVSS V3 None

Description

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.

Overview

CVE ID
CVE-2024-3025

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-04-10T17:07:52.626Z

Last Modified Date
2024-04-16T11:10:20.884Z

Weakness Enumerations

CWE	URL
CWE-23	http://cwe.mitre.org/data/definitions/23.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062b
https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-3025
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3025

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 23:07:05				Added to TrackCVE