Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm
CVE-2024-5211

9.1CRITICAL

Key Information:

Vendor: Mintplex-labs
Status: Mintplex-labs/anything-llm
Vendor: CVE Published:; 12 June 2024

🔔 Create Mintplex-labs Vulnerability Alert

What is CVE-2024-5211?

A path traversal vulnerability in Anything-LLM by Mintplex Labs exists due to improper validation of user input during the custom logo setup process. This flaw allows managers to bypass the normalizePath() function, leading to unauthorized access to sensitive files, including the 'anythingllm.db' database and files within the 'storage' directory. The exploitation of this vulnerability can result in reading, deleting, or overwriting critical application files, endangering internal keys and configuration secrets. Additionally, attackers can orchestrate denial of service (DoS) attacks by deleting essential files required for the application's functionality, which could compromise the integrity and availability of the service.

Affected Version(s)

mintplex-labs/anything-llm < 1.0.0

References

https://huntr.com/bounties/38f282cb-7226-435e-9832-2d4a10...

https://github.com/mintplex-labs/anything-llm/commit/e208...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2024