mintplex-labs anything-llm
cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*, +1 more
A vulnerability in Mintplex Labs Anything-LLM version 1.5.11 for Windows desktop has been identified: the bundled server component listens on TCP port 3001 bound to all interfaces (0.0.0.0) and requires no authentication. Anyone who can reach the host over the network therefore has full access to the backend, including the ability to delete all workspace data.
Exploitation gives an unauthenticated attacker on any network that can reach the host full backend access, including the ability to delete all data from the user's workspace.
The vulnerability can be reproduced by installing Anything-LLM version 1.5.11 on a Windows desktop and launching it. On startup the application opens port 3001 on every network interface with no authentication. Confirm the binding locally with `netstat -ano | findstr :3001` (or `Get-NetTCPConnection -LocalPort 3001 -State Listen` in PowerShell), or from another host on the same network with a port scanner: a listening local address of 0.0.0.0:3001 (or [::]:3001) rather than 127.0.0.1:3001 indicates the exposure.
Users can disable the network discovery feature by setting the 'APP_DISCOVERABLE' environment variable to 'false', which prevents the application from binding the port on all interfaces. The change takes effect only after a full restart of the application; until then the port remains exposed, so a host firewall rule blocking inbound TCP/3001 is a reasonable interim control.
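The following script is an added example, not code from the advisory or from the Anything-LLM project. It implements the verification step above: it parses Windows `netstat -ano` output and reports LISTENING sockets on port 3001 bound to all interfaces, so the same check can be run before and after setting `APP_DISCOVERABLE=false` and restarting. The netstat samples are constructed, not captured from a real system; the `probe` helper is a plain TCP connect for use from a second machine and makes no assumption about the backend's HTTP routes.

```python
"""Check whether TCP/3001 is bound to all interfaces (0.0.0.0 / [::]).
Added example for the Anything-LLM 1.5.11 advisory; not project code."""
import socket
import subprocess
from typing import List, Tuple

# Constructed sample of `netstat -ano` output on a vulnerable install.
SAMPLE_EXPOSED = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1024
  TCP    0.0.0.0:3001           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:3001         127.0.0.1:49832        ESTABLISHED     5120
  TCP    [::]:3001              [::]:0                 LISTENING       5120
  UDP    0.0.0.0:5353           *:*                                    2210
"""

# Constructed sample after the mitigation: only loopback is listening.
SAMPLE_LOOPBACK_ONLY = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1024
  TCP    127.0.0.1:3001         0.0.0.0:0              LISTENING       5120
"""

WILDCARD_HOSTS = ("0.0.0.0", "[::]")


def wide_open_listeners(netstat_output: str, port: int = 3001) -> List[Tuple[str, str, int]]:
    """Return (proto, local_address, pid) for every TCP socket in LISTENING
    state on `port` whose local address is a wildcard bind."""
    found = []
    for line in netstat_output.splitlines():
        parts = line.split()
        # TCP rows have 5 columns: Proto, Local, Foreign, State, PID.
        # UDP rows have no State column and are skipped, as is the header.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        local = parts[1]
        host, _, lport = local.rpartition(":")  # handles [::]:3001 too
        if not lport.isdigit() or int(lport) != port:
            continue
        if host in WILDCARD_HOSTS:
            found.append((parts[0], local, int(parts[4])))
    return found


def probe(host: str, port: int = 3001, timeout: float = 2.0) -> bool:
    """Live check from another machine on the network: True if a TCP
    connection to host:port is accepted (the port is reachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_local_host(port: int = 3001) -> List[Tuple[str, str, int]]:
    """Run `netstat -ano` on the current Windows host and analyse it."""
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    return wide_open_listeners(out, port)


if __name__ == "__main__":
    hits = check_local_host()
    if hits:
        print("EXPOSED: wildcard listeners on 3001:", hits)
    else:
        print("OK: no wildcard listener on 3001")
```

Running the script on the affected machine before the fix prints the 0.0.0.0 and [::] listeners with their PID; after setting the variable and restarting, only a 127.0.0.1 binding (or none) should remain, and `probe("<host-ip>")` from a second machine should return False.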