← Back to CVE List

CVE-2024-2913

Published: 2024-05-07T00:15Z
Last Modified: 2024-11-21T09:10Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt