cvedb.io
CVE-2024-6842
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:33.993 · Last modified 2026-06-17T08:18:49.027

Summary

In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `currentSettings` function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets.

Affected products

mintplexlabs — anythingllm

Does this affect you?

Add your gear to cvedb and we'll alert you only when mintplexlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.