CVE-2024-8248

Summary

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.

Affected Software

VendorProductVersion RangeStatus
mintplex-labsmintplex-labs/anything-llmunspecified < 1.2.2affected

Weaknesses

  • CWE-29: CWE-29 Path Traversal: '..\filename'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References