CVE-2024-3149

Published: Jun 6, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information.

Affected (1)

Products: Mintplexlabs: Anythingllm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mintplexlabs Anythingllm	Before 1.0.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/mintplex-labs/anything-llm/commit/f4088d9348fa86dcebe9f97a18d39c0a6e92f15e

Source: security@huntr.dev

Patch

https://huntr.com/bounties/b230d76b-ae2d-440e-a25b-94ffaa7c4ff1

Source: security@huntr.dev

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/mintplex-labs/anything-llm/commit/f4088d9348fa86dcebe9f97a18d39c0a6e92f15e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.com/bounties/b230d76b-ae2d-440e-a25b-94ffaa7c4ff1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.