How severe is CVE-2024-7783?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-7783?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2024-7783 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3.

Related Vulnerabilities

CVE-2019-4314

MEDIUM

CVSS:5.9(Medium)

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.

CWE-3122019

CVE-2021-36158

MEDIUM

CVSS:5.9(Medium)

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

CWE-3122021

CVE-2022-25160

MEDIUM

CVSS:5.9(Medium)

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi E...

CWE-3122022

CVE-2024-28065

MEDIUM

CVSS:5.9(Medium)

In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.

CWE-3122024

CVE-2024-29146

MEDIUM

CVSS:5.9(Medium)

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numb...

CWE-3122024

CVE-2020-4095

MEDIUM

CVSS:6.0(Medium)

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the crede...

CWE-3122020