CRITICAL · CVE-2024-0455 · CVSS 9.9

CVE-2024-0455: SSRF in AnythingLLM

Platform

nodejs

Component

anything-llm

Fixed in

0.7.2

AI Confidence: high · NVD · EPSS 0.2% · Reviewed: May 2026

CVE-2024-0455 is a critical Server-Side Request Forgery (SSRF) vulnerability in the web scraper of AnythingLLM. An authenticated user holding the manager or admin role can make the application server fetch an attacker-chosen URL, including the EC2 instance metadata service, and read the instance's temporary credentials out of the scraper's response. What those credentials permit is bounded by the IAM role attached to the instance, which on a loosely scoped role can mean control of the instance and of other account resources. Note that this page carries two conflicting version ranges: the advisory text refers to version 1.0.0 as affected, while the Affected Software section lists 0.1.0 – 0.7.1 as affected and 0.7.2 as fixed. Confirm the fix against the upstream repository rather than relying on a version string alone.

Impact and Attack Scenarios

The vulnerable code path is AnythingLLM's web scraper, which fetches whatever URL a manager or admin submits. Pointing it at http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance makes the application server, not the user's browser, issue the request. 169.254.169.254 is the EC2 instance metadata service, a link-local address reachable only from the instance itself, so a fetch that originates on the server returns material no external client could obtain. The same technique reads /latest/meta-data/iam/security-credentials/<role-name>, which holds the temporary access key, secret and session token of the instance's IAM role; what the attacker can then do with them is set by that role's policy, not by who deployed AnythingLLM. Two caveats shape the real blast radius. The plain GET only succeeds while IMDSv1 is enabled on the instance, because IMDSv2 requires a PUT with a token-TTL header before any metadata read, which a scraper that merely fetches a URL cannot send. And the SSRF is not limited to the metadata endpoint: it reaches anything else on the instance's network that trusts requests by source address, such as internal admin interfaces or services bound to localhost.

Exploitation Context

This vulnerability was publicly disclosed on 2024-02-25. No active exploitation campaign has been publicly confirmed and the vulnerability is not listed on CISA KEV; EPSS currently scores it at 0.24% (48th percentile), so the model does not yet expect broad exploitation. Against that, the attack is a single authenticated request carrying a well-known URL, so a proof of concept is trivial to produce, and any multi-user AnythingLLM deployment on EC2 with IMDSv1 enabled should treat it as urgent. The stolen credentials remain usable until the instance rotates them.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.24% (48th percentile)

CVSS Vector

CVSS 3.1 base score 9.9 (Critical). Vector as published (note the CVSS:3.0 prefix on the string): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network · Attack Complexity: Low · Privileges Required: Low · User Interaction: None · Scope: Changed · Confidentiality: High · Integrity: High · Availability: High
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — the vector scores this as basic authenticated access. The advisory text on this page narrows it further: only accounts holding the manager or admin role can reach the scraper, so an ordinary user account is not enough.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: anything-llm
Vendor: mintplex-labs
Affected range: 0.1.0 – 0.7.1
Fixed in: 0.7.2

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-0455 is to upgrade AnythingLLM to a release containing the fix (the version numbers on this page disagree: the advisory text says 1.0.0, the Affected Software section says 0.7.2, so verify against the upstream repository). Until the upgrade is done, the following workarounds reduce exposure:

  1. Limit the manager and admin roles, which are the only ones that can reach the scraper, to people you would trust with the instance's IAM role.
  2. Validate the target URL on the server, but not with a substring blocklist. 169.254.169.254 can be written as 2852039166, 0xa9fea9fe or [::ffff:169.254.169.254], and a hostname the attacker controls can simply resolve to it. Resolve the host, reject link-local, loopback and private ranges, refuse non-http(s) schemes, and apply the same check to every redirect hop.
  3. Block the metadata address at the host or network layer, for example an outbound firewall rule for the user or container that runs AnythingLLM. A WAF rule matching the literal metadata URL stops only the naive form of the request.
  4. Require IMDSv2 on the instance. IMDSv2 needs a PUT with a token-TTL header before any GET, which a scraper that only fetches a URL cannot perform, and the default token response hop limit of 1 keeps the token from reaching a container behind a NAT hop.
  5. Watch application and access logs for scraper requests whose target resolves into 169.254.0.0/16 or to fd00:ec2::254, not just for the literal string.

After upgrading, confirm the fix by submitting the metadata URL to the scraper as a manager or admin and verifying that the request is refused.
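The input-validation workaround above, and the attack mechanics in the Impact section, are easier to judge with the two approaches side by side. The following is an added example and not code from the AnythingLLM project: a substring blocklist of the kind a hasty patch adds, next to a resolve-then-check allowlist that also re-checks each redirect. DNS and HTTP are injected so it runs offline; the in-memory stand-ins in makeFakes() are constructed for this demo and every hostname and address in them is hypothetical. `URL` is Node's global WHATWG parser.

```javascript
'use strict';
// Added example (not AnythingLLM code): weak substring filter vs. resolve-then-check.
// All hostnames/addresses in makeFakes() are constructed for this demo.

// Weak: filters the raw URL text. Bypassed by decimal or hex IPv4, IPv4-mapped
// IPv6, and any hostname that merely resolves to the metadata address.
function weakAllowsUrl(raw) {
  return !/169\.254\.169\.254|localhost/i.test(raw);
}

// Expand an IPv6 literal to eight 16-bit groups ("::" and embedded dotted IPv4 handled).
function ipv6Groups(ip) {
  let s = ip.toLowerCase();
  const lastColon = s.lastIndexOf(':');
  const tail = s.slice(lastColon + 1);
  if (tail.includes('.')) {
    const o = tail.split('.').map(Number);
    s = `${s.slice(0, lastColon + 1)}${((o[0] << 8) | o[1]).toString(16)}:${((o[2] << 8) | o[3]).toString(16)}`;
  }
  const [head, rest] = s.split('::');
  const h = head ? head.split(':') : [];
  const t = rest ? rest.split(':') : [];
  const groups = rest === undefined ? h : [...h, ...Array(8 - h.length - t.length).fill('0'), ...t];
  if (groups.length !== 8) throw new Error(`bad IPv6 literal: ${ip}`);
  return groups.map((g) => parseInt(g, 16));
}

// True for any address an outbound fetch must never reach: unspecified, loopback,
// link-local (169.254.0.0/16 contains the IMDS address), RFC 1918, CGNAT,
// IPv4-mapped IPv6, IPv6 link-local and unique-local (fd00:ec2::254 is the IPv6
// IMDS address). Anything unparsable is refused rather than allowed.
function isForbiddenAddress(ip) {
  if (ip.includes(':')) {
    const g = ipv6Groups(ip.replace(/^\[|\]$/g, ''));
    if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
      return isForbiddenAddress(`${g[6] >> 8}.${g[6] & 0xff}.${g[7] >> 8}.${g[7] & 0xff}`);
    }
    if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
    return (g[0] & 0xffc0) === 0xfe80 || (g[0] & 0xfe00) === 0xfc00; // fe80::/10, fc00::/7
  }
  const o = ip.split('.').map(Number);
  if (o.length !== 4 || o.some((x) => !Number.isInteger(x) || x < 0 || x > 255)) return true;
  const [a, b] = o;
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127);
}

// Hardened: the WHATWG parser canonicalises 2852039166 and 0xa9fea9fe to
// 169.254.169.254; allow only http(s), resolve the host, reject if any answer is
// forbidden, and repeat for each redirect. Returns the verified hops or throws.
// `resolve(host)` stands in for dns.lookup with { all: true }; `head(href)` stands
// in for an HTTP client with redirects disabled and returns { status, location }.
function checkedFetchTarget(raw, { resolve, head, maxHops = 3 }) {
  const hops = [];
  let url = new URL(raw);
  for (let i = 0; i <= maxHops; i++) {
    if (url.protocol !== 'http:' && url.protocol !== 'https:') throw new Error(`scheme not allowed: ${url.protocol}`);
    const host = url.hostname;
    const literal = host.startsWith('[') || /^\d+(\.\d+){3}$/.test(host);
    const addrs = literal ? [host] : resolve(host);
    if (!addrs || addrs.length === 0) throw new Error(`unresolvable host: ${host}`);
    for (const a of addrs) if (isForbiddenAddress(a)) throw new Error(`blocked ${a} for ${host}`);
    hops.push(url.href);
    const r = head(url.href);
    if (r.status < 300 || r.status >= 400 || !r.location) return hops;
    url = new URL(r.location, url);
  }
  throw new Error('too many redirects');
}

// Constructed DNS and HTTP stand-ins so the example runs offline.
function makeFakes() {
  const dns = {
    'docs.example': ['203.0.113.10'],
    'rebind.example': ['203.0.113.10', '169.254.169.254'], // one benign answer, one not
  };
  const redirects = { 'http://docs.example/hop': 'http://2852039166/latest/meta-data/' };
  return {
    resolve: (host) => dns[host] || [],
    head: (href) => (redirects[href] ? { status: 302, location: redirects[href] } : { status: 200 }),
  };
}

function demo() {
  const fakes = makeFakes();
  const samples = ['http://docs.example/page', 'http://2852039166/latest/meta-data/',
    'http://[::ffff:a9fe:a9fe]/', 'http://rebind.example/', 'http://docs.example/hop'];
  for (const u of samples) {
    let verdict;
    try { verdict = `allowed, ${checkedFetchTarget(u, fakes).length} hop(s)`; } catch (e) { verdict = e.message; }
    console.log(`${u}\n  weak filter: ${weakAllowsUrl(u) ? 'allowed' : 'blocked'}\n  hardened:    ${verdict}`);
  }
}
demo();
```

With Node's real resolver (`dns.promises.lookup(host, { all: true })`) the check becomes async, and one more step is needed that the stand-in cannot show: connect to the address you validated (a custom `lookup` on the HTTP agent, or connect by IP with the Host header set) rather than letting the client resolve the name a second time, otherwise a rebinding DNS server can answer benignly for the check and with 169.254.169.254 for the connection.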

How to fix

Update AnythingLLM to a release that contains the fix for the SSRF (see the Affected Software section and the note above on the conflicting version numbers). Where an immediate upgrade is not possible, add a host firewall or `iptables` rule that rejects outbound traffic from the AnythingLLM process or container to 169.254.169.254 (and to fd00:ec2::254 on IPv6-enabled instances), and require IMDSv2 on the instance so that a plain GET to the metadata service returns nothing even if the rule is missed.


Frequently asked questions

What is CVE-2024-0455 — SSRF in AnythingLLM?

CVE-2024-0455 is a critical SSRF vulnerability in AnythingLLM's web scraper. A user with the manager or admin role can make the server fetch the EC2 instance metadata endpoint and read the instance's temporary credentials from the scraper's response.

Am I affected by CVE-2024-0455 in AnythingLLM?

You are affected if you run a version without the fix (this page lists 0.1.0 – 0.7.1 as affected, while the advisory text refers to 1.0.0) and anyone other than yourself holds the manager or admin role. The exposure is greatest when the instance runs on EC2 with IMDSv1 enabled; on other hosts the same SSRF still reaches internal services the server can address.

How do I fix CVE-2024-0455 in AnythingLLM?

Upgrade to a release that contains the fix. If an immediate upgrade is not possible, restrict the manager and admin roles, block 169.254.169.254 from the AnythingLLM process at the host firewall, require IMDSv2 on the instance, and validate scraper URLs by resolving them and rejecting link-local and private addresses rather than by string matching.

Is CVE-2024-0455 being actively exploited?

No active exploitation campaign has been publicly confirmed, the vulnerability is not on CISA KEV, and its EPSS score is low (0.24%). Because the attack is a single authenticated request with a well-known URL, deployments on EC2 with multiple manager or admin users should still patch promptly.

Where can I find the official AnythingLLM advisory for CVE-2024-0455?

Refer to the official AnythingLLM project repository or website for the latest security advisories and updates.
