Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-3101

Published: 10/04/2024 Updated: 10/04/2024

Vulnerability Summary

In mintplex-labs/anything-llm, an improper input validation vulnerability allows malicious users to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.

References

CWE-20https://huntr.com/bounties/c114c03e-3348-450f-88f7-538502047bcchttps://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook