CVE-2024-0549

EUVD-2024-16342

16.04.2024, 00:15

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
@huntr_ai	CNA	8.1 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Affected Products (NVD)

Vendor	Product	Version
mintplexlabs	anythingllm	𝑥 < 1.0.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-23 - Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References

https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62

https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72

https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62

https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72