cbcvebase.
CVE-2024-0455
published 2024-02-26

CVE-2024-0455: The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in…

PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.81%
52.4th percentile
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance ``` which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it. The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.

Affected

1 ranges
VendorProductVersion rangeFixed in
mintplex-labsmintplex-labs_anything-llm>= unspecified < 1.0.01.0.0

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.09.9CRITICALCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.