Description

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

INFO

Published Date :

2025-03-20T10:11:34.868Z

Last Modified :

2025-03-20T13:50:28.828Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8196 vulnerability.

Vendors Products
Microsoft
  • Windows
Mintplexlabs
  • Anythingllm Desktop
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8196.

URL Resource
https://github.com/mintplex-labs/anything-llm/commit/9bfe477f10b188bfe3508ac29105df80d4522ece cve-icon cve-icon
https://huntr.com/bounties/dbde1c71-7aa5-46f6-847a-d89793cf97a9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact