CVE-2024-0439
Homebrew vulnerability analysis and mitigation

Overview

CVE-2024-0439 affects mintplex-labs/anything-llm version 1.0.0, where manager users could modify system settings they should not have access to. Although these settings are hidden in the UI for the manager role, managers could still change them through standard HTTP requests (AttackerKB, GitHub Commit).

Technical details

The vulnerability stems from insufficient role-based access control: manager users could bypass the UI restrictions and modify system settings through direct HTTP requests. The issue was specifically related to the ability to update ENV settings, which should have been restricted to admin users only (GitHub Commit).

Impact

While not considered a critical vulnerability, this issue allows manager users to modify system settings beyond their intended permission level, potentially affecting system configuration and security controls (AttackerKB).

Mitigation and workarounds

The issue has been patched by adding proper role validation checks that verify if the user has admin privileges before allowing ENV modifications. The fix includes additional user role verification in the system endpoints (GitHub Commit).
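The difference between hiding a setting in the UI and enforcing the role on the server, as an added example that is not code from the anything-llm project or its patch. All names, the request path, the setting keys and the sample request are hypothetical and constructed for illustration.

```javascript
// Added illustration: every name here is hypothetical, not AnythingLLM's code.
const ROLES = Object.freeze({ ADMIN: "admin", MANAGER: "manager" });

// Constructed setting keys standing in for ENV-backed system settings.
const ALLOWED_KEYS = new Set(["LLM_PROVIDER", "EMBEDDING_ENGINE"]);

// Denied attempts are recorded so a non-admin hitting the endpoint is visible.
const auditLog = [];

// "Before": the handler relies on the UI never showing the form to managers.
function updateEnvUiOnly(req, store) {
  if (!req.user) return { status: 401 };
  Object.assign(store, req.body); // any logged-in role reaches this line
  return { status: 200 };
}

// "After": the server checks the session's role before touching settings.
function requireRole(allowedRoles, handler) {
  return (req, store) => {
    if (!req.user) return { status: 401 };
    if (!allowedRoles.includes(req.user.role)) {
      auditLog.push({ user: req.user.id, role: req.user.role, path: req.path });
      return { status: 403 };
    }
    return handler(req, store);
  };
}

const updateEnvChecked = requireRole([ROLES.ADMIN], (req, store) => {
  // Reject unknown keys rather than writing whatever the body contains.
  const bad = Object.keys(req.body).filter((k) => !ALLOWED_KEYS.has(k));
  if (bad.length > 0) return { status: 400, rejected: bad };
  Object.assign(store, req.body);
  return { status: 200 };
});

// Constructed request: a manager posts a settings change directly.
function demo() {
  const req = { path: "/settings/env", user: { id: 7, role: ROLES.MANAGER },
                body: { LLM_PROVIDER: "changed" } };
  const before = { LLM_PROVIDER: "original" };
  const after = { LLM_PROVIDER: "original" };
  return {
    uiOnly: updateEnvUiOnly(req, before).status, beforeValue: before.LLM_PROVIDER,
    checked: updateEnvChecked(req, after).status, afterValue: after.LLM_PROVIDER,
  };
}
console.log(demo(), auditLog);
```

The 403 entries collected in auditLog are the kind of record a defender can alert on when a non-admin account repeatedly requests an admin-only endpoint.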

Source: This report was generated using AI

Related Homebrew vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-21679 | CRITICAL | 9.8 | Homebrew | iccdev | No | Yes | Jan 07, 2026 |
| CVE-2026-21504 | HIGH | 7.8 | Homebrew | iccdev | No | Yes | Jan 07, 2026 |
| CVE-2026-21680 | HIGH | 7.5 | Homebrew | iccdev | No | Yes | Jan 07, 2026 |
| CVE-2026-21503 | MEDIUM | 5.5 | Homebrew | iccdev | No | Yes | Jan 07, 2026 |
| CVE-2026-21502 | MEDIUM | 5.5 | Homebrew | iccdev | No | Yes | Jan 07, 2026 |