Security Advisory

CVE-2024-13060

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:08:46

Last updated 2025-10-15 12:49:34

Assigner @huntr_ai

State PUBLISHED

Description

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with Default permission to access other users profile pictures by changing the id parameter in the user cookie. This issue is present in versions prior to 1.3.1.

← Browse all CVEs View on cve.org ↗