CVE-2024-0795

Source
https://cve.org/CVERecord?id=CVE-2024-0795
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0795.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0795
Published
2024-03-02T21:16:46.411Z
Modified
2026-07-08T06:31:07.214226088Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Create user API role not enforced
Details

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance

Database specific
{
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0795.json"
}
References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.0"
        }
    ],
    "cpe": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0795.json"