CVE-2024-0550

Опубликовано: 28 фев. 2024

Источник: nvd

CVSS3: 9.6

CVSS3: 6.5

EPSS Низкий

Описание

A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.

The attacker would have to have been granted privileged permissions to the system before executing this attack.

Ссылки

https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17
Patch
https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17
Patch
https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*

Версия до 1.0.0 (исключая)

EPSS

Процентиль: 72%

0.00718

Низкий

9.6 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-23

Связанные уязвимости

GHSA-6hmr-48fm-wfhx

CVSS3: 9.6

github

почти 2 года назад

A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.

EPSS

Процентиль: 72%

0.00718

Низкий

9.6 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-23