Anything Llm
CVE-2023-4898
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
AnalysisAI
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-305. Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Affected products include: Mintplexlabs Anything-Llm. Version information: prior to 0.0.1..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Anything Llm
View allSQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 8.8), this vulne
XSS in AnythingLLM 1.11.1 and earlier.
SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands a
AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where th
Stored DOM-level XSS in AnythingLLM's chart caption rendering allows authenticated users in shared workspaces to inject
Path traversal in AnythingLLM's document folder listing endpoint on Windows allows authenticated low-privilege users to
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti
AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import f
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti
Stale mobile device tokens in AnythingLLM survive single-user to multi-user mode migration with a null userId, allowing
Symlink following in the AnythingLLM agent filesystem copy tool (versions prior to 1.13.0) allows a highly-privileged au
Same weakness CWE-305 – Authentication Bypass by Primary Weakness
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today