CVE-2024-3029 – In mintplex-labs/anything-llm, an attacker can exploit improper input validation by …

16 April 2024

Vuln ID: CVE-2024-3029

Published: 2024-04-16 00:15:11.850

Description: In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the ‘/system/enable-multi-user’ endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the ‘multi_user_mode’. The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

16 April 2024

Categorie(s):

NVD

Tag(s):

NVD

How to Delete Your Browser History29 April 2024
UK outlaws awful default passwords on connected devices29 April 2024
Account compromise of “unprecedented scale” uses everyday home devices29 April 2024
Connected devices with awful default passwords now illegal in UK29 April 2024
Chrome users report broken connections after Chrome 124 release29 April 2024