How severe is CVE-2024-3033?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-3033?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-3033 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names.

Related Vulnerabilities

CVE-2010-2548

CRITICAL

CVSS:9.1(Critical)

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

CWE-8632010

CVE-2013-1350

CRITICAL

CVSS:9.1(Critical)

Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities

CWE-8632013

CVE-2018-7245

CRITICAL

CVSS:9.1(Critical)

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the...

CWE-8632018

CVE-2020-7692

CRITICAL

CVSS:9.1(Critical)

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee...

CWE-8632020

CVE-2021-26040

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.

CWE-8632021

CVE-2021-29943

CRITICAL

CVSS:9.1(Critical)

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client cr...

CWE-8632021