CVE-2024-0551

Source
https://cve.org/CVERecord?id=CVE-2024-0551
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0551.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0551
Published
2024-02-27T14:15:27.130Z
Modified
2026-03-14T12:23:47.403660Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
[none]
Details

The default user role is able to export the database and associated exported information of the system. The attacker would have to have been granted access to the system prior to the attack.

It is worth noting that the deterministic nature of the export name is a lower risk, because the UI for exporting starts the download at the same time, and the export is deleted from the system once it has been downloaded.

The endpoint for exporting should simply be patched to require a higher privilege level.

References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0551.json"