CVE-2024-6842

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-6842

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6842.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6842

Published

2025-03-20T10:15:33.993Z

Modified

2026-03-14T12:40:46.009437Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets.

References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type: GIT
Repo: https://github.com/mintplex-labs/anything-llm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8b1ceb30c159cf3a10efa16275bc6849d84e4ea8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6842.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.5"
            }
        ]
    }
]