Strix
26.1K

CVE-2024-8196

CRITICALCVSS 9.8/10EPSS 0.78%

Last modified

CVE-2024-8196 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.. EPSS estimates a 0.78% chance of exploitation in the next 30 days.

Description

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

Metrics

CVSS 3.0
9.8/10

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.78%

51.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MintplexlabsAnythingllm Desktop< 1.6.5

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-8196?
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.
How severe is CVE-2024-8196?
CVE-2024-8196 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.78% probability of exploitation in the next 30 days.
How do I fix CVE-2024-8196?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-8196?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST