What is CVE-2024-0798?

CVE-2024-0798 is a high-severity vulnerability in Mintplex-labs Mintplex-labs/anything-llm, classified under CWE-272. CVSS score: 8.1/10. Published 2024-02-25.

How severe is CVE-2024-0798?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Mintplex-labs Mintplex-labs/anything-llm

CVE-2024-0798

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-…

EPSS: 0.001 (31.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Mintplex-labs Mintplex-labs/anything-llm — versions unspecified

Weakness classification (CWE)

CWE-272

References

huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c
github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db1675153…

Frequently asked questions

What is CVE-2024-0798?: CVE-2024-0798 is a high-severity vulnerability in Mintplex-labs Mintplex-labs/anything-llm, classified under CWE-272. CVSS score: 8.1/10. Published 2024-02-25.
How severe is CVE-2024-0798?: High severity. CVSS v3 base score is 8.1 out of 10.