CVE-2024-7783 in anything-llminformação

Sumário

de MITRE • 29/10/2024

mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

@huntr Ai

Reservar

14/08/2024

Divulgação

29/10/2024

Moderação

aceite

Entrada

VDB-282393

CPE

pronto

CWE

CWE-312 (confirmado)

CVSS

5.9 (CNA)

EPSS

0.00130

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-7783
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-7783
CVE Details	https://www.cvedetails.com/cve/CVE-2024-7783/

◂ Voltar Visão Geral Próximo ▸

Do you know our Splunk app?

Download it now for free!