exploitDog

CVE-2024-10363

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.

Ссылки

https://github.com/danny-avila/librechat/commit/42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599
Patch
https://huntr.com/bounties/41a1137d-e725-4fec-b04c-58555cb16b6b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librechat:librechat:0.7.5:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-862

NVD-CWE-noinfo

Связанные уязвимости

GHSA-mhmr-w8pp-75w5

CVSS3: 5.4

github

11 месяцев назад

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.

EPSS

Процентиль: 24%

0.0008

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-862

NVD-CWE-noinfo