Vulnerability Description
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance ``` which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it. The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mintplexlabs | Anythingllm | - |
Related Weaknesses (CWE)
References
- https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7Patch
- https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9cExploit
- https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7Patch
- https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9cExploit
FAQ
What is CVE-2024-0455?
CVE-2024-0455 is a vulnerability with a CVSS score of 7.5 (HIGH). The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/lates...
How severe is CVE-2024-0455?
CVE-2024-0455 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0455?
Check the references section above for vendor advisories and patch information. Affected products include: Mintplexlabs Anythingllm.