Unauthorized User Creation via Concurrent Requests in Invite Tab
CVE-2024-2913
Currently unrated
What is CVE-2024-2913?
A race condition exists in the user invite acceptance process of Mintplex Labs' Anything LLM product. An attacker can send multiple simultaneous requests to accept a single user invite, and the backend, which does not adequately validate concurrent requests, creates more than one user account from that one invite link. This defeats the control that permits only one user acceptance per invite. The resulting unauthorized accounts remain undetected within the invite tab.
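The check-then-act pattern behind this class of bug, next to an atomic claim that closes it, as an added example that is not AnythingLLM code and does not reflect how the project fixed the issue. The in-memory store, the invite code INV-1 and all function names are hypothetical; each generator `yield` stands in for a database round trip at which other requests can run.

```javascript
// Constructed model: an in-memory invite table and a scheduler that
// interleaves request handlers at each simulated database round trip.
function makeDb() {
  return { invites: { "INV-1": { status: "pending" } }, users: [] };
}

// Check-then-act: the status read and the status write are separate steps,
// so every request that reads before the first write sees "pending".
function* acceptCheckThenAct(db, code, username) {
  const status = db.invites[code].status; // SELECT status
  yield;                                  // round trip: other requests run here
  if (status !== "pending") return false;
  db.users.push(username);                // INSERT user
  yield;
  db.invites[code].status = "claimed";    // UPDATE invite
  return true;
}

// Atomic claim: one conditional update, the in-memory stand-in for
// UPDATE invites SET status='claimed' WHERE code=? AND status='pending'.
// Only the request that flips the row may go on to create a user.
function claimInvite(db, code) {
  const invite = db.invites[code];
  if (!invite || invite.status !== "pending") return false;
  invite.status = "claimed";
  return true;
}

function* acceptAtomic(db, code, username) {
  const won = claimInvite(db, code);      // single step, no yield inside
  yield;
  if (!won) return false;
  db.users.push(username);
  return true;
}

// Run n concurrent accept requests round-robin, one step each per pass.
function simulate(handler, n) {
  const db = makeDb();
  let live = Array.from({ length: n }, (_, i) => handler(db, "INV-1", `user${i}`));
  while (live.length > 0) {
    live = live.filter((req) => !req.next().done);
  }
  return { usersCreated: db.users.length, inviteStatus: db.invites["INV-1"].status };
}

console.log("check-then-act:", simulate(acceptCheckThenAct, 5));
console.log("atomic claim:  ", simulate(acceptAtomic, 5));
```

In a real database the claim and the user insert would sit in one transaction, so a failed insert releases the invite instead of burning it.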