Vulnerability Description
A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mintplexlabs | Anythingllm | < 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bfPatch
- https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6ExploitIssue TrackingPatch
- https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bfPatch
- https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6ExploitIssue TrackingPatch
FAQ
What is CVE-2024-0550?
CVE-2024-0550 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attack...
How severe is CVE-2024-0550?
CVE-2024-0550 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0550?
Check the references section above for vendor advisories and patch information. Affected products include: Mintplexlabs Anythingllm.