CVE-2024-13060 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' paramete…

Medium CVSS: 4.3

CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1.

Vendor

Product

Anythingllm Docker

CWE

Yayın Tarihi

2025-03-20 10:15:32

Güncelleme

2025-10-15 13:15:41

Source Identifier

security@huntr.dev

KEV Date Added

-

Kategoriler

CWE-862 Anythingllm Docker MEDIUM Mintplexlabs 2025

Referanslar

https://github.com/mintplex-labs/anything-llm/commit/696af19c45473172ad4d3ca749281800a4d1a45a https://huntr.com/bounties/98a49c90-e095-441f-900c-59d463dc8e8f https://huntr.com/bounties/98a49c90-e095-441f-900c-59d463dc8e8f

Benzer Kayıtlar

Low

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Low

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Medium

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Critical

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…