CVE-2024-6842

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/mintplex-labs/anything-llm/commit/8b1ceb30c159cf3a10efa16275bc6849d84e4ea8", "name": "https://github.com/mintplex-labs/anything-llm/commit/8b1ceb30c159cf3a10efa16275bc6849d84e4ea8", "tags": ["Patch"], "refsource": ""}, {"url": "https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e", "name": "https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `currentSettings` function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-6842", "ASSIGNER": "security@huntr.dev"}}, "impact": {}, "publishedDate": "2025-03-20T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mintplexlabs:anythingllm:1.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-15T15:11Z"}