AnythingLLM Docker Unauthorized Profile Picture Access Vulnerability

Vulnerability

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by manipulating the 'id' parameter in the user cookie. This issue affects versions prior to 1.3.1.
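An added illustration, not AnythingLLM's own code, of the authorization flaw described above in a minimal Node.js-style handler: the vulnerable version keys the picture lookup off a client-supplied cookie field named 'id', while the hardened version derives the caller from a server-side session and enforces an ownership check before serving another user's picture. The users, session tokens and cookie values are constructed for the example.

```javascript
// Added example, not AnythingLLM's code: a minimal model of the flaw.
// Users, sessions and cookie values below are constructed.
const users = {
  1: { id: 1, username: "admin", role: "admin", pfpFilename: "admin.png" },
  2: { id: 2, username: "alice", role: "default", pfpFilename: "alice.png" },
  3: { id: 3, username: "bob", role: "default", pfpFilename: "bob.png" },
};
// Server-side session store: opaque token -> authenticated user id.
const sessions = { "tok-alice": 2, "tok-bob": 3 };

// Parse a Cookie header into key/value pairs.
function parseCookie(header) {
  const out = {};
  for (const part of header.split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k) out[k] = decodeURIComponent(v.join("="));
  }
  return out;
}

// Vulnerable pattern: the session proves that *someone* is logged in, but the
// picture lookup keys off the client-controlled cookie field 'id', so any
// authenticated 'Default' user can name another user's id.
function getProfilePictureVulnerable(cookieHeader) {
  const c = parseCookie(cookieHeader);
  if (!(c.token in sessions)) return { status: 401 };
  const user = users[Number(c.id)];
  return user ? { status: 200, file: user.pfpFilename } : { status: 404 };
}

// Hardened pattern: the subject comes from the server-side session only and a
// cookie field named 'id' is ignored. If a different id is requested (for
// example via a route parameter), an explicit ownership/role check gates it.
function getProfilePictureFixed(cookieHeader, requestedId) {
  const c = parseCookie(cookieHeader);
  const callerId = sessions[c.token];
  if (callerId === undefined) return { status: 401 };
  const caller = users[callerId];
  const targetId = requestedId === undefined ? caller.id : Number(requestedId);
  if (targetId !== caller.id && caller.role !== "admin") return { status: 403 };
  const target = users[targetId];
  return target ? { status: 200, file: target.pfpFilename } : { status: 404 };
}
```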

Impact

Exploitation of this vulnerability allows for unauthorized access to users' profile pictures.

Remediation

Users can update to AnythingLLM Docker version 1.3.1 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.