CVE-2024-3152

8.8 HIGH

📋 TL;DR

CVE-2024-3152 affects mintplex-labs/anything-llm. Multiple endpoints perform improper input validation, allowing attackers to escalate privileges to admin, read or delete arbitrary files, and perform SSRF attacks. Users running versions before 1.0.0 are vulnerable. The vulnerabilities stem from insufficient validation of user input before it is passed to Prisma functions and other operations.

💻 Affected Systems

Products:
  • mintplex-labs/anything-llm
Versions: All versions prior to 1.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable endpoints: /request-token, /workspace/:slug/thread/:threadSlug/update, /system/remove-logo, /system/logo, collector's /process

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: attacker gains admin access, exfiltrates sensitive data, deletes critical files, and uses SSRF to attack internal systems.

🟠 Likely Case

Privilege escalation leading to unauthorized admin access and data theft from the anything-llm application.

🟢 If Mitigated

Limited impact with proper network segmentation, input validation, and least privilege controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but leverages default user roles. Multiple attack vectors increase likelihood of weaponization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.0 or later

Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc

Restart Required: Yes

Instructions:

1. Update to version 1.0.0 or later.
2. Restart the anything-llm service.
3. Verify the fix by checking the version and testing vulnerable endpoints.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict input validation for all user-supplied data in vulnerable endpoints.

# Requires code modification - implement validation in endpoint handlers

Network Segmentation (platform: linux)

Restrict network access to anything-llm to trusted IPs only.

# Example iptables rules: accept the trusted source first, then drop all other traffic to the port
iptables -A INPUT -p tcp --dport <anything-llm-port> -s <trusted-ip> -j ACCEPT
iptables -A INPUT -p tcp --dport <anything-llm-port> -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted users only.
  • Monitor logs for suspicious activity on vulnerable endpoints and implement rate limiting.

🔍 How to Verify

Check if Vulnerable:

Check the current version of anything-llm. If it's below 1.0.0, it's vulnerable. Review application logs for unauthorized access attempts to the listed endpoints.

Check Version:

Check the package.json file or application startup logs for the version number.

Verify Fix Applied:

Confirm version is 1.0.0 or later. Test the vulnerable endpoints with malicious input to ensure they now properly validate and reject unauthorized requests.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /request-token, /workspace/*/thread/*/update, /system/remove-logo, /system/logo, or collector's /process endpoints
  • Privilege escalation attempts from default to admin roles
  • File read/delete operations outside expected paths

Network Indicators:

  • Outbound requests from anything-llm to internal systems (SSRF indicators)
  • Unexpected file transfers from the server

SIEM Query:

source="anything-llm-logs" AND (uri_path="/request-token" OR uri_path="/system/*" OR uri_path="/workspace/*/thread/*/update" OR uri_path="/collector/process") AND status="200"
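
For environments without a SIEM, the same indicator can be checked offline. The script below is an added example, not code from the anything-llm project or the vendor advisory: it matches the endpoints listed above against access-log lines and counts successful hits per source. The combined log format, the optional one-segment path prefix, and the sample lines are assumptions.

```python
import re
from collections import Counter, defaultdict

# Endpoint paths as listed in the advisory. One optional leading segment is
# allowed in case a router or proxy mounts them under a prefix (assumption).
ENDPOINTS = {
    "request-token": r"/request-token",
    "thread-update": r"/workspace/[^/]+/thread/[^/]+/update",
    "remove-logo": r"/system/remove-logo",
    "logo": r"/system/logo",
    "collector-process": r"/process",
}
PATTERNS = {n: re.compile(r"^(?:/[^/]+)?" + rx + r"/?$") for n, rx in ENDPOINTS.items()}

# Assumed log format: combined access log written by a reverse proxy.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Jun/2024:10:00:01 +0000] "POST /api/request-token HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2024:10:00:05 +0000] "POST /api/workspace/demo/thread/t-1/update HTTP/1.1" 200 88',
    '198.51.100.7 - - [10/Jun/2024:10:00:09 +0000] "DELETE /api/system/remove-logo?x=1 HTTP/1.1" 403 20',
    '192.0.2.10 - - [10/Jun/2024:10:01:00 +0000] "GET /api/system/logo HTTP/1.1" 200 4096',
    '192.0.2.10 - - [10/Jun/2024:10:01:02 +0000] "GET /api/workspaces HTTP/1.1" 200 300',
    '203.0.113.5 - - [10/Jun/2024:10:02:00 +0000] "POST /process HTTP/1.1" 200 64',
    'not an access-log line',
]

def classify(path):
    """Return the advisory endpoint name a request path maps to, or None."""
    path = path.split("?", 1)[0]           # ignore the query string
    for name, pattern in PATTERNS.items():
        if pattern.match(path):
            return name
    return None

def scan(lines):
    """Yield (source_ip, endpoint, status) for requests to listed endpoints."""
    for line in lines:
        m = LINE.match(line)               # non-matching lines are skipped
        if m and (endpoint := classify(m.group(2))):
            yield m.group(1), endpoint, int(m.group(3))

def successful_by_source(lines):
    """Count 2xx hits per source and endpoint, like status="200" in the query."""
    counts = defaultdict(Counter)
    for ip, endpoint, status in scan(lines):
        if 200 <= status < 300:
            counts[ip][endpoint] += 1
    return {ip: dict(c) for ip, c in counts.items()}
```

A hit is not proof of exploitation; the indicator is unusual requests, so compare the per-source counts against a baseline for the deployment.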