CVE-2024-0795
Published
CVSS v3
7.2
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance
Stop renting your intelligence. Own it with AnythingLLM. Everything you need for a powerful local-first agent experience
GitHub