CVE-2024-6842

Source
https://cve.org/CVERecord?id=CVE-2024-6842
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6842.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6842
Published
2025-03-20T10:10:27.588Z
Modified
2026-07-15T01:49:03.837123610Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Exposure of Sensitive Information in mintplex-labs/anything-llm
Details

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets.

Database specific
{
    "cwe_ids": [
        "CWE-306"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6842.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.0.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "@huntr_ai"
}
References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6842.json"