OpenCVE

A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Mintplexlabs	Anythingllm

Configuration 1 [-]

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa
https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49

History

Sun, 03 Nov 2024 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-229

Sun, 03 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:mintplexlabs:anythingllm:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mintplexlabs Mintplexlabs anythingllm
Weaknesses		CWE-307
CPEs		cpe:2.3:a:mintplexlabs:anythingllm::::::::
Vendors & Products		Mintplexlabs Mintplexlabs anythingllm
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:19:23.450Z

Updated: 2024-11-03T18:27:23.547Z

Reserved: 2024-03-29T18:43:30.670Z

Link: CVE-2024-3102

Vulnrichment

Updated: 2024-08-01T19:32:42.847Z

NVD

Status : Modified

Published: 2024-06-06T19:15:59.667

Modified: 2024-11-21T09:28:54.413

Link: CVE-2024-3102

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3102", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-29T18:43:30.670Z", "datePublished": "2024-06-06T18:19:23.450Z", "dateUpdated": "2024-11-03T18:27:23.547Z"}, "containers": {"cna": {"title": "JSON Injection in mintplex-labs/anything-llm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:23.547Z"}, "descriptions": [{"lang": "en", "value": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security."}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "1.0.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "cweId": "CWE-307"}]}], "source": {"advisory": "8af4650d-5955-44a4-86b4-d08e1c862b49", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "mintplexlabs", "product": "anythingllm", "cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T14:45:02.550918Z", "id": "CVE-2024-3102", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T13:57:49.007Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.847Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.847Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3102", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T14:45:02.550918Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*"], "vendor": "mintplexlabs", "product": "anythingllm", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T14:45:47.271Z"}}], "cna": {"title": "JSON Injection in mintplex-labs/anything-llm", "source": {"advisory": "8af4650d-5955-44a4-86b4-d08e1c862b49", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.0.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa"}], "descriptions": [{"lang": "en", "value": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:23.547Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3102", "state": "PUBLISHED", "dateUpdated": "2024-11-03T18:27:23.547Z", "dateReserved": "2024-03-29T18:43:30.670Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:19:23.450Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D667E32-5A5C-479C-BB81-47F3BCA38C13", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n JSON en la aplicaci\u00f3n `mintplex-labs/anything-llm`, espec\u00edficamente dentro del par\u00e1metro de nombre de usuario durante el proceso de inicio de sesi\u00f3n en el endpoint `/api/request-token`. La vulnerabilidad surge del manejo inadecuado de los valores, lo que permite a los atacantes realizar ataques de fuerza bruta sin conocimiento previo del nombre de usuario. Una vez conocida la contrase\u00f1a, los atacantes pueden realizar ataques ciegos para determinar el nombre de usuario completo, comprometiendo significativamente la seguridad del sistema."}], "id": "CVE-2024-3102", "lastModified": "2024-11-21T09:28:54.413", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:59.667", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Secondary"}]}