Security Advisory
CVE-2024-3101
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating Multi-User Mode. By sending a specially crafted curl request with the multi_user_mode parameter set to false, an attacker can deactivate Multi-User Mode. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.