{ "id": "CVE-2024-0550", "sourceIdentifier": "security@huntr.dev", "published": "2024-02-28T05:15:08.770", "lastModified": "2024-02-28T14:06:45.783", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.\n\nThe attacker would have to have been granted privileged permissions to the system before executing this attack." }, { "lang": "es", "value": "Un usuario que ya tiene privilegios de \"administrador\" o \"administrador\" puede configurar su imagen de perfil a trav\u00e9s de la API de interfaz utilizando una ruta de archivo relativa para luego usar la API GET de PFP para descargar cualquier archivo v\u00e1lido. Al atacante se le tendr\u00edan que haber concedido permisos privilegiados en el sistema antes de ejecutar este ataque." } ], "metrics": { "cvssMetricV30": [ { "source": "security@huntr.dev", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.1, "impactScore": 5.8 } ] }, "weaknesses": [ { "source": "security@huntr.dev", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-23" } ] } ], "references": [ { "url": "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17", "source": "security@huntr.dev" }, { "url": "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6", "source": "security@huntr.dev" } ] }