Cyber Resilience

CVE-2024-0798

MediumPublic PoC

Published: 26 February 2024

Published
26 February 2024
Modified
27 February 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0013 31.5th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-0798 is a medium-severity Least Privilege Violation (CWE-272) vulnerability in Mintplexlabs Anythingllm. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Data-Related Vulnerabilities risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048).

EU & UK References

Vulnerability details

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerability by sending a…

more

crafted DELETE request to the /api/system/remove-document endpoint. This vulnerability is due to improper access control checks, enabling unauthorized document deletion and potentially leading to loss of data integrity.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
mintplex-labs/anything-llm is an open-source platform for document-based LLM interactions, functioning as an enterprise AI assistant with features like document upload and management for RAG-style inference.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Privilege escalation vulnerability enables default users to exploit improper access controls for unauthorized deletion of admin documents, mapping to Exploitation for Privilege Escalation (T1068) and Data Destruction (T1485).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0048: External Harms

Affected Assets

mintplexlabs
anythingllm
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-272

Review and update requirements help detect and correct least privilege violations in practice.

addresses: CWE-272

Access reviews verify and enforce adherence to least privilege by identifying excess permissions.

addresses: CWE-272

Requiring specification of intended system usage and access authorizations, plus periodic reviews, supports enforcement of least privilege.

addresses: CWE-272

Separation of duties is a direct mechanism to enforce least privilege by ensuring no individual receives more access than required for their isolated responsibilities.

addresses: CWE-272

Enforces the least privilege principle to avoid violations of minimal necessary access.

addresses: CWE-272

Enforcing only the minimal set of functionality implements least privilege by eliminating unneeded capabilities that could be abused.

addresses: CWE-272

The control mandates acknowledgment of least-privilege expectations, making violations by authorized users less likely.

addresses: CWE-272

Risk Executive role ensures least privilege is applied uniformly rather than left to individual system owners or projects.

References