CVE-2024-0765

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 3, 2024

Updated: Jan 8, 2025

CWE ID 200

Summary

CVE-2024-0765 is a vulnerability in AnythingLLM's multi-user instance where a default user can export data through the `/export-data` endpoint. By executing this call, an attacker can unzip and exfiltrate data from the system. This action does not leave any trace behind as the data is deleted post-download. An attacker needs explicit access to the system to exploit this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mintplex Labs

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uNg4Cb
https://www.cve.org/CVERecord?id=CVE-2024-0765
https://nvd.nist.gov/vuln/detail/CVE-2024-0765

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-0765

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations