How severe is CVE-2024-0765?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2024-0765?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-0765 - CRITICAL Severity | CVSS 9.6

Vulnerability Description

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured.

Related Vulnerabilities

CVE-2016-6658

CRITICAL

CVSS:9.6(Critical)

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a cre...

CWE-2002016

CVE-2017-14443

CRITICAL

CVSS:9.6(Critical)

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to a...

CWE-2002017

CVE-2017-18853

CRITICAL

CVSS:9.6(Critical)

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and ear...

CWE-2002017

CVE-2023-40029

CRITICAL

CVSS:9.6(Critical)

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kube...

CWE-2002023

CVE-2021-22272

CRITICAL

CVSS:9.4(Critical)

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.d...

CWE-2002021

CVE-2008-0655

CRITICAL

CVSS:9.8(Critical)

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.

CWE-2002008