How severe is CVE-2024-0798?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-0798?

This is classified as CWE-272, which is a common weakness in software security.

CVE-2024-0798 - HIGH Severity | CVSS 8.1

Vulnerability Description

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerability by sending a crafted DELETE request to the /api/system/remove-document endpoint. This vulnerability is due to improper access control checks, enabling unauthorized document deletion and potentially leading to loss of data integrity.

Related Vulnerabilities

CVE-2025-47809

HIGH

CVSS:8.2(High)

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with U...

CWE-2722025

CVE-2023-28047

HIGH

CVSS:7.8(High)

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerabi...

CWE-2722023

CVE-2023-32451

HIGH

CVSS:7.8(High)

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

CWE-2722023

CVE-2024-27165

HIGH

CVSS:7.8(High)

Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the refere...

CWE-2722024

CVE-2024-28824

HIGH

CVSS:7.8(High)

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate priv...

CWE-2722024

CVE-2024-28829

MEDIUM

CVSS:7.8(High)

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges...

CWE-2722024