Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-6842
Modified
More InfoOfficial Page
Source-security@huntr.dev
View Known Exploited Vulnerability (KEV) details
Published At-20 Mar, 2025 | 10:15
Updated At-15 Oct, 2025 | 13:15

In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `currentSettings` function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
mintplexlabs
mintplexlabs
>>anythingllm>>1.5.5
cpe:2.3:a:mintplexlabs:anythingllm:1.5.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarysecurity@huntr.dev
CWE ID: CWE-306
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/mintplex-labs/anything-llm/commit/8b1ceb30c159cf3a10efa16275bc6849d84e4ea8security@huntr.dev
Patch
https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9esecurity@huntr.dev
Exploit
Third Party Advisory
Hyperlink: https://github.com/mintplex-labs/anything-llm/commit/8b1ceb30c159cf3a10efa16275bc6849d84e4ea8
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e
Source: security@huntr.dev
Resource:
Exploit
Third Party Advisory
Change History
0Changes found
Details not found