CVE-2024-7783

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-7783
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7783.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7783
Published
2024-10-29T13:15:10Z
Modified
2024-10-31T17:47:36.346289Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3.

References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.2.0