CVE-2024-0549 - Vulnerability Details - OpenCVE

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62
https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-16T00:00:14.132Z

Updated: 2024-08-01T18:11:35.275Z

Reserved: 2024-01-15T00:30:28.942Z

Link: CVE-2024-0549

Vulnrichment

Updated: 2024-08-01T18:11:35.275Z

NVD

Status : Awaiting Analysis

Published: 2024-04-16T00:15:07.603

Modified: 2024-11-21T08:46:50.990

Link: CVE-2024-0549

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0549", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-01-15T00:30:28.942Z", "datePublished": "2024-04-16T00:00:14.132Z", "dateUpdated": "2024-08-01T18:11:35.275Z"}, "containers": {"cna": {"title": "Relative Path Traversal in mintplex-labs/anything-llm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:49.469Z"}, "descriptions": [{"lang": "en", "value": "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability."}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "1.0.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-23 Relative Path Traversal", "cweId": "CWE-23"}]}], "source": {"advisory": "fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "mintplexlabs", "product": "anythingllm", "cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T17:08:21.915452Z", "id": "CVE-2024-0549", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T16:33:03.406Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.275Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.275Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0549", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T17:08:21.915452Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*"], "vendor": "mintplexlabs", "product": "anythingllm", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T17:12:26.307Z"}}], "cna": {"title": "Relative Path Traversal in mintplex-labs/anything-llm", "source": {"advisory": "fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.0.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"}], "descriptions": [{"lang": "en", "value": "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:49.469Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0549", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:11:35.275Z", "dateReserved": "2024-01-15T00:30:28.942Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-16T00:00:14.132Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability."}, {"lang": "es", "value": "mintplex-labs/anything-llm es vulnerable a un ataque de relative path traversal, lo que permite a atacantes no autorizados con una cuenta de rol predeterminada eliminar archivos y carpetas dentro del sistema de archivos, incluidos archivos de bases de datos cr\u00edticos como 'anythingllm.db'. La vulnerabilidad se debe a una validaci\u00f3n y normalizaci\u00f3n de entrada insuficientes en el manejo de solicitudes de eliminaci\u00f3n de archivos y carpetas. La explotaci\u00f3n exitosa resulta en el compromiso de la integridad y disponibilidad de los datos."}], "id": "CVE-2024-0549", "lastModified": "2024-11-21T08:46:50.990", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-04-16T00:15:07.603", "references": [{"source": "security@huntr.dev", "url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "security@huntr.dev", "type": "Secondary"}]}