CVE-2023-4898 - Vulnerability Details - OpenCVE

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Mintplexlabs	Anything-llm

Configuration 1 [-]

cpe:2.3:a:mintplexlabs:anything-llm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e
https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2

History

Thu, 26 Sep 2024 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-09-11T23:27:47.955Z

Updated: 2024-09-26T16:59:04.762Z

Reserved: 2023-09-11T23:27:37.938Z

Link: CVE-2023-4898

Vulnrichment

Updated: 2024-08-02T07:38:00.807Z

NVD

Status : Modified

Published: 2023-09-12T00:15:09.917

Modified: 2024-11-21T08:36:12.940

Link: CVE-2023-4898

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4898", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-09-11T23:27:37.938Z", "datePublished": "2023-09-11T23:27:47.955Z", "dateUpdated": "2024-09-26T16:59:04.762Z"}, "containers": {"cna": {"title": "Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-09-11T23:27:47.955Z"}, "descriptions": [{"lang": "en", "value": "Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "0.0.1", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-305 Authentication Bypass by Primary Weakness", "cweId": "CWE-305"}]}], "source": {"advisory": "a3dda692-7e8a-44a9-bd96-24cfd3f721d2", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.807Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mintplexlabs", "product": "anything-llm", "cpes": ["cpe:2.3:a:mintplexlabs:anything-llm:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.0.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T16:56:52.145493Z", "id": "CVE-2023-4898", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T16:59:04.762Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.807Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4898", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T16:56:52.145493Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mintplexlabs:anything-llm:*:*:*:*:*:*:*:*"], "vendor": "mintplexlabs", "product": "anything-llm", "versions": [{"status": "affected", "version": "0", "lessThan": "0.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T16:59:00.340Z"}}], "cna": {"title": "Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm", "source": {"advisory": "a3dda692-7e8a-44a9-bd96-24cfd3f721d2", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.0.1", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e"}], "descriptions": [{"lang": "en", "value": "Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-305", "description": "CWE-305 Authentication Bypass by Primary Weakness"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-09-11T23:27:47.955Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4898", "state": "PUBLISHED", "dateUpdated": "2024-09-26T16:59:04.762Z", "dateReserved": "2023-09-11T23:27:37.938Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-09-11T23:27:47.955Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mintplexlabs:anything-llm:*:*:*:*:*:*:*:*", "matchCriteriaId": "F593217B-D1E8-4090-A1EC-10376EB7123F", "versionEndExcluding": "0.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."}, {"lang": "es", "value": "Omisi\u00f3n de autenticaci\u00f3n por debilidad principal en el repositorio de GitHub mintplex-labs/anything-llm anterior a 0.0.1."}], "id": "CVE-2023-4898", "lastModified": "2024-11-21T08:36:12.940", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-12T00:15:09.917", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}