OpenCVE

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18
https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-20T12:24:51.682Z

Updated: 2024-08-01T20:33:53.198Z

Reserved: 2024-04-26T23:58:39.827Z

Link: CVE-2024-4287

Vulnrichment

Updated: 2024-08-01T20:33:53.198Z

NVD

Status : Awaiting Analysis

Published: 2024-05-20T13:15:23.980

Modified: 2024-11-21T09:42:32.727

Link: CVE-2024-4287

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4287", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-26T23:58:39.827Z", "datePublished": "2024-05-20T12:24:51.682Z", "dateUpdated": "2024-08-01T20:33:53.198Z"}, "containers": {"cna": {"title": "Improper Input Validation in mintplex-labs/anything-llm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-20T12:24:51.682Z"}, "descriptions": [{"lang": "en", "value": "In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts."}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "0.0.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"advisory": "34491fb7-5133-4e80-8782-74124350bbdb", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "mintplexlabs", "product": "anythingllm", "cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T12:34:15.585229Z", "id": "CVE-2024-4287", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T15:56:38.352Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.198Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb", "tags": ["x_transferred"]}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.198Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4287", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-19T12:34:15.585229Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"], "vendor": "mintplexlabs", "product": "anythingllm", "versions": [{"status": "affected", "version": "0", "lessThan": "0.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T13:04:33.663Z"}}], "cna": {"title": "Improper Input Validation in mintplex-labs/anything-llm", "source": {"advisory": "34491fb7-5133-4e80-8782-74124350bbdb", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.0.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18"}], "descriptions": [{"lang": "en", "value": "In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-20T12:24:51.682Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4287", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:53.198Z", "dateReserved": "2024-04-26T23:58:39.827Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-05-20T12:24:51.682Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts."}, {"lang": "es", "value": "En mintplex-labs/anything-llm, existe una vulnerabilidad debido a una validaci\u00f3n de entrada incorrecta en el proceso de actualizaci\u00f3n del espacio de trabajo. Espec\u00edficamente, la aplicaci\u00f3n no puede validar ni formatear los datos JSON enviados en una solicitud HTTP POST a `/api/workspace/:workspace-slug/update`, lo que permite que se ejecute como parte de una consulta de base de datos sin restricciones. Esta falla permite a los usuarios con rol de administrador crear una solicitud que incluya operaciones de escritura anidadas, lo que les permite crear nuevas cuentas de administrador."}], "id": "CVE-2024-4287", "lastModified": "2024-11-21T09:42:32.727", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-05-20T13:15:23.980", "references": [{"source": "security@huntr.dev", "url": "https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/mintplex-labs/anything-llm/commit/94b58249a37a21b1c08deaa2d1edfdecbb6deb18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://huntr.com/bounties/34491fb7-5133-4e80-8782-74124350bbdb"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@huntr.dev", "type": "Secondary"}]}