CVE-2024-3101

Name of the Vulnerable Software and Affected Versions mintplex-labs/anything-llm (affected versions not specified)

Description The issue is related to improper input validation, allowing attackers to escalate privileges by deactivating 'Multi-User Mode'. This can be achieved by sending a specially crafted curl request with the multi user mode parameter set to false. As a result, an attacker can create a new admin user without requiring a password, leading to unauthorized administrative access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.