CVE-2024-0550

MEDIUM

Privileged User - Info Disclosure

Title source: llm

Description

A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.

References (2)

[Patch] https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17

View Patch ZIP pw:eip

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6

Scores

CVSS v3 6.5

EPSS 0.0085

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (1)

mintplexlabs/anythingllm < 1.0.0

Published Feb 28, 2024

Tracked Since Feb 18, 2026