Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Unrestricted access to AnythingLLM API - Vulnerability Database

Unrestricted access to AnythingLLM API

Description

AnythingLLM is a full-stack app allowing you to build a private ChatGPT using commercial or open-source LLMs and vectorDB solutions, both locally and remotely, for intelligent document chat.

Invicti determined that it was possible to access AnythingLLM API without authentication.

Remediation

Enable authentication for AnythingLLM

References

AnythingLLM Documentation

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Apache Airflow Experimental API Auth Bypass CVE-2020-13927 High
Common tags: Configuration
Joomla J!Dump extension enabled Medium
Common tags: Configuration
Joomla Debug Console enabled Medium
Common tags: Configuration
Jetty Information Disclosure (CVE-2021-34429) Medium
Common tags: Configuration

Severity

Medium

Classification

CVE-2024-6842
CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration