PT-2025-12223 · Unknown · Anything-Llm

Published 2025-03-20 · Updated 2025-07-15 · CVE-2024-8196

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mintplex-labs/anything-llm version 1.5.11

Description

The application opens server port 3001 on 0.0.0.0 with no authentication by default, allowing an attacker to gain full backend access. This enables them to perform actions such as deleting all data from the workspace.

Recommendations

For version 1.5.11, consider disabling access to server port 3001 until a patch is available, or implement authentication mechanisms to restrict unauthorized access. As a temporary workaround, restrict access to the backend to minimize the risk of exploitation.
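
A defender-side check for the exposure described above, added here as an example and not taken from the advisory or the project: it parses Linux `ss -H -ltn` output and flags any listener on port 3001 that is bound to something other than loopback. The sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress

BACKEND_PORT = 3001  # port named in the advisory

# Constructed sample of `ss -H -ltn` output (Linux, iproute2); not from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      511          0.0.0.0:3001       0.0.0.0:*
LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      511             [::]:3001          [::]:*
LISTEN 0      4096               *:8080             *:*
"""

def split_endpoint(endpoint):
    """Split ss 'addr:port', handling [v6]:port, *:port and addr%iface."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%", 1)[0], port

def exposure(addr):
    """Classify a bind address as 'loopback', 'wildcard' or 'specific'."""
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "specific"  # unparseable: report it rather than assume it is safe
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def audit_listeners(ss_output, port=BACKEND_PORT):
    """Return (address, port, kind) for each non-loopback listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket in another state
        addr, lport = split_endpoint(fields[3])
        kind = exposure(addr)
        if lport == str(port) and kind != "loopback":
            findings.append((addr, port, kind))
    return findings

if __name__ == "__main__":
    for addr, lport, kind in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {lport} listening on {addr} ({kind}): reachable beyond loopback")
```

A wildcard bind can still be filtered by a host or network firewall, so a finding is a prompt to verify reachability and apply the access restriction recommended above.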

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-8196

Affected Products

Anything-Llm