Critical

anything-llm

SSRF Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability was identified in mintplex-labs/anything-llm, affecting the latest version prior to 1.0.0. This vulnerability allows attackers to steal AWS metadata by fetching specific URLs. It was patched in version 1.0.0.

Available publicly on Feb 25 2024

CVSS score: 9.9

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Credit: ranjit-git

Threat Overview

The vulnerability stems from the application's ability to fetch arbitrary URLs without proper validation or restriction. An attacker can exploit this by requesting URLs that are internally accessible within AWS environments, such as the metadata service at http://169.254.169.254. This service provides sensitive information, including AWS credentials, which can be accessed without authentication from within the instance. The lack of URL filtering or whitelisting mechanisms in the application makes it susceptible to SSRF attacks, leading to potential unauthorized access to AWS resources.

Attack Scenario

An attacker, possibly with manager role privileges within the application, crafts a malicious request to the application's URL fetching functionality. This request targets the AWS metadata service URL (http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance) to retrieve AWS credentials. Once the application fetches this URL, it inadvertently accesses and saves the AWS metadata, including credentials, which the attacker can then use to gain unauthorized access to AWS resources.

Who is affected

Any user hosting the anything-llm application on AWS prior to version 1.0.0 is vulnerable to this attack. The vulnerability specifically impacts those with the application configured to allow fetching of external URLs, which can be exploited to access sensitive AWS metadata.
