Vulnerabilities > Mintplexlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-3152 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. | 8.8 |
| 2024-06-05 | CVE-2024-4084 | Unspecified vulnerability in Mintplexlabs Anythingllm A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. | 7.5 |
| 2024-03-03 | CVE-2024-0765 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit access to the system, but they can do this at any role. | 6.5 |
| 2024-03-02 | CVE-2024-0795 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance | 7.2 |
| 2024-02-28 | CVE-2024-0550 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack. | 6.5 |
| 2024-02-27 | CVE-2024-0763 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. | 8.1 |
| 2024-02-27 | CVE-2024-0551 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 Enable exports of the database and associated exported information of the system via the default user role. | 7.1 |
| 2024-02-27 | CVE-2024-0759 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced. There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector. | 7.5 |
| 2024-02-26 | CVE-2024-0435 | Unspecified vulnerability in Mintplexlabs Anythingllm User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. | 5.4 |
| 2024-02-26 | CVE-2024-0436 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute | 5.9 |