CVE-2024-0759

Published: Feb 27, 2024Modified: Mar 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced. There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.

Affected (1)

Products: Mintplexlabs: Anythingllm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mintplexlabs Anythingllm	Before 1.0.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb

Source: security@huntr.dev

Patch

https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b

Source: security@huntr.dev

Exploit

https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.