CVE-2024-3033
📋 TL;DR
An improper authorization vulnerability in the mintplex-labs/anything-llm application allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting namespaces. This affects all versions up to and including the latest version before 1.0.0, potentially leading to complete data loss of document embeddings and exposure of private workspace names.
💻 Affected Systems
- mintplex-labs/anything-llm
📦 What is this software?
Anythingllm by Mintplexlabs
⚠️ Risk & Real-World Impact
Worst Case
Complete data loss of all document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional, plus exposure of private workspace names.
Likely Case
Unauthenticated attackers resetting VectorDB or deleting namespaces, causing service disruption and data loss.
If Mitigated
Minimal impact if proper authentication and authorization controls are implemented.
🎯 Exploit Status
Exploitation requires only unauthenticated HTTP requests to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.0
Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a
Restart Required: Yes
Instructions:
1. Update anything-llm to version 1.0.0 or later. 2. Restart the application. 3. Verify the fix by testing unauthorized access to '/api/v/' endpoints.
🔧 Temporary Workarounds
Network Access Restriction
linuxRestrict network access to the anything-llm application to trusted IPs only.
iptables -A INPUT -p tcp --dport <app_port> -s <trusted_ip> -j ACCEPT
iptables -A INPUT -p tcp --dport <app_port> -j DROP
Reverse Proxy Authentication
allPlace the application behind a reverse proxy with authentication (e.g., basic auth, OAuth).
🧯 If You Can't Patch
- Implement network segmentation to isolate the anything-llm instance from untrusted networks.
- Deploy a web application firewall (WAF) with rules to block unauthorized requests to '/api/v/' endpoints.
🔍 How to Verify
Check if Vulnerable:
Attempt unauthenticated HTTP requests to endpoints like '/api/v/reset-vector-db' or '/api/v/namespaces' and check if they succeed without credentials.Check Version:
Check the application version in the UI or via package manager (e.g., 'npm list' for Node.js installations).Verify Fix Applied:
After patching, repeat the unauthenticated requests; they should return 401/403 errors or require authentication.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated requests to '/api/v/' endpoints with methods like DELETE or POST.
- Log entries indicating VectorDB resets or namespace deletions from unauthenticated IPs.
Network Indicators:
- HTTP traffic to '/api/v/' endpoints without authentication headers or cookies.
- Unusual spikes in requests to destructive endpoints from external IPs.
SIEM Query:
source="anything-llm" AND (uri_path="/api/v/*" AND (http_method="DELETE" OR http_method="POST") AND NOT (user!="" OR auth_token!=""))🔗 References
- https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a
- https://huntr.com/bounties/8a98a0b4-7886-41c5-8624-fc5c21972e5a
- https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a
- https://huntr.com/bounties/8a98a0b4-7886-41c5-8624-fc5c21972e5a
