CVE-2024-6842 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data retur…

High CVSS: 7.5

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `currentSettings` function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets.

Vendor

Product

CWE

Yayın Tarihi

2025-03-20 10:15:33

Güncelleme

2025-10-15 13:15:50

Source Identifier

security@huntr.dev

KEV Date Added

-

Kategoriler

CWE-306 Anythingllm HIGH Mintplexlabs 2025

Referanslar

https://github.com/mintplex-labs/anything-llm/commit/8b1ceb30c159cf3a10efa16275bc6849d84e4ea8 https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e

Benzer Kayıtlar

Low

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Low

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Medium

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Critical

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…