{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0551", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-01-15T01:10:32.762Z", "datePublished": "2024-02-27T14:07:28.927Z", "dateUpdated": "2024-08-01T18:23:28.766Z"}, "containers": {"cna": {"title": "Download and export of file via default user role", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-02-27T14:07:28.927Z"}, "descriptions": [{"lang": "en", "value": "Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.\n\nIt is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.\n\nThe endpoint for exporting should simply be patched to a higher privilege level."}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "1.0.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284"}]}], "source": {"advisory": "f114c787-ab5f-4f83-afa5-c000435efb78", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.064Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mintplexlabs", "product": "anythingllm", "cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T18:21:07.076839Z", "id": "CVE-2024-0551", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:23:28.766Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.064Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0551", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T18:21:07.076839Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"], "vendor": "mintplexlabs", "product": "anythingllm", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:23:23.968Z"}}], "cna": {"title": "Download and export of file via default user role", "source": {"advisory": "f114c787-ab5f-4f83-afa5-c000435efb78", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.0.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8"}], "descriptions": [{"lang": "en", "value": "Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.\n\nIt is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.\n\nThe endpoint for exporting should simply be patched to a higher privilege level."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-02-27T14:07:28.927Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0551", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:23:28.766Z", "dateReserved": "2024-01-15T01:10:32.762Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-02-27T14:07:28.927Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.\n\nIt is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.\n\nThe endpoint for exporting should simply be patched to a higher privilege level."}, {"lang": "es", "value": "Habilite las exportaciones de la base de datos y la informaci\u00f3n exportada asociada del sistema a trav\u00e9s del rol de usuario predeterminado. Al atacado se le deber\u00eda haber concedido acceso al sistema antes del ataque. Vale la pena se\u00f1alar que la naturaleza determinista del nombre de exportaci\u00f3n presenta un riesgo menor ya que la interfaz de usuario para exportar iniciar\u00eda la descarga al mismo tiempo, lo que, una vez descargado, elimina la exportaci\u00f3n del sistema. El endpoint para la exportaci\u00f3n simplemente debe parchearse con un nivel de privilegio m\u00e1s alto."}], "id": "CVE-2024-0551", "lastModified": "2024-02-27T14:19:41.650", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-02-27T14:15:27.130", "references": [{"source": "security@huntr.dev", "url": "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}