← Back

CVE-2024-7783

nvd nist
Published: Oct 29, 2024Modified: Oct 31, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3.

Affected (1)

Mintplexlabs
1 product
Anythingllm
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Anythingllm
Before 1.2.1

Related CWEs

CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

Source: security@huntr.dev
Patch
Source: security@huntr.dev
ExploitMitigationThird Party Advisory

Timeline

No history available yet.