Description
A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.
Vulnerable configurations
Configuration 1: Version before 1.3.1 (exclusive)
cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
EPSS
Percentile: 33%
0.00131
Low
8.3 High
CVSS3
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 8.3
github
11 months ago
A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.