{
  "id": "CVE-2024-0759",
  "details": "Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.\n\nThis would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.\n\nThere is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.",
  "modified": "2026-03-14T12:23:51.089707Z",
  "published": "2024-02-27T06:15:45.493Z",
  "references": [
    {"type": "FIX", "url": "https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb"},
    {"type": "EVIDENCE", "url": "https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b"}
  ],
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "repo": "https://github.com/mintplex-labs/anything-llm",
          "events": [
            {"introduced": "0"},
            {"fixed": "013c0b9575ae6a87af87275e326041c4e0afeeee"},
            {"fixed": "0db6c3b2aa1787a7054ffdaba975474f122c20eb"}
          ],
          "database_specific": {
            "versions": [
              {"introduced": "0"},
              {"fixed": "1.0.0"}
            ]
          }
        }
      ],
      "database_specific": {
        "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0759.json"
      }
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}
  ]
}