CVE-2024-0795 - Vulnerability Details - OpenCVE

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mintplexlabs	Anythingllm

Configuration 1 [-]

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564
https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec

History

Tue, 21 Jan 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mintplexlabs Mintplexlabs anythingllm
CPEs		cpe:2.3:a:mintplexlabs:anythingllm::::::::
Vendors & Products		Mintplexlabs Mintplexlabs anythingllm
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-03-02T21:16:46.411Z

Updated: 2024-08-15T18:40:49.652Z

Reserved: 2024-01-22T22:19:16.570Z

Link: CVE-2024-0795

Vulnrichment

Updated: 2024-08-01T18:18:18.466Z

NVD

Status : Analyzed

Published: 2024-03-02T22:15:49.813

Modified: 2025-01-21T15:06:36.627

Link: CVE-2024-0795

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0795", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-01-22T22:19:16.570Z", "datePublished": "2024-03-02T21:16:46.411Z", "dateUpdated": "2024-08-15T18:40:49.652Z"}, "containers": {"cna": {"title": "Create user API role not enforced ", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-03-02T21:16:46.411Z"}, "descriptions": [{"lang": "en", "value": "If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance"}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "1.0.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284"}]}], "source": {"advisory": "f69e3307-7b44-4776-ac60-2990990723ec", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.466Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mintplexlabs", "product": "anythingllm", "cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-08T19:45:00.992304Z", "id": "CVE-2024-0795", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T18:40:49.652Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.466Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0795", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-08T19:45:00.992304Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"], "vendor": "mintplexlabs", "product": "anythingllm", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T18:40:45.650Z"}}], "cna": {"title": "Create user API role not enforced ", "source": {"advisory": "f69e3307-7b44-4776-ac60-2990990723ec", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.0.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564"}], "descriptions": [{"lang": "en", "value": "If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-03-02T21:16:46.411Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0795", "state": "PUBLISHED", "dateUpdated": "2024-08-15T18:40:49.652Z", "dateReserved": "2024-01-22T22:19:16.570Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-03-02T21:16:46.411Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D667E32-5A5C-479C-BB81-47F3BCA38C13", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance"}, {"lang": "es", "value": "Si a un atacado se le dio acceso a una instancia con la funci\u00f3n de administrador o administrador, no existe una autenticaci\u00f3n de backend que impida que el atacado cree un nuevo usuario con una funci\u00f3n de \"administrador\" y luego pueda usar esta nueva cuenta para tener privilegios elevados en la instancia"}], "id": "CVE-2024-0795", "lastModified": "2025-01-21T15:06:36.627", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-02T22:15:49.813", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@huntr.dev", "type": "Secondary"}]}