
We found results for “”
CVE-2024-13060
Good to know:

Date: March 20, 2025
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1.
Severity Score
Severity Score
Weakness Type (CWE)
Improper Authorization
CWE-285Top Fix

Upgrade Version
Upgrade to version https://github.com/mintplex-labs/anything-llm.git - v1.4.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |