CVE-2024-47170
CVSS V2 None
CVSS V3 None
Description
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.
Overview
- CVE ID
- CVE-2024-47170
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-26T17:16:21.950Z
- Last Modified Date
- 2024-09-26T17:16:21.950Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/agnaistic/agnai/security/advisories/GHSA-h355-hm5h-cm8h | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-47170 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47170 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-06 13:45:33 | Added to TrackCVE |