CVE-2024-13060: CWE-862 Missing Authorization in mintplex-labs mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1.
AI Analysis
Technical Summary
CVE-2024-13060 identifies a missing authorization vulnerability (CWE-862) in the AnythingLLM Docker container, developed by mintplex-labs, in versions prior to 1.3.1. The flaw allows users assigned the 'Default' permission level to access other users' profile pictures by altering the 'id' parameter within their user cookie. Because the server trusts that parameter as the identity of the resource owner, the manipulation bypasses the intended access control and exposes user-specific data without any authorization check. The vulnerability affects confidentiality but does not impact data integrity or system availability. Exploitation requires the attacker to be authenticated with at least default user permissions but does not require additional user interaction. The CVSS v3.0 base score is 4.3 (medium), reflecting the network attack vector, low complexity, and limited impact scope. No public exploits or patches are currently documented, emphasizing the need for proactive mitigation. This vulnerability highlights the importance of robust authorization checks on user-specific resources in web applications and containerized environments, especially those handling user profile data.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of user profile pictures, potentially violating privacy regulations such as GDPR if personal data is involved. Although the impact is limited to confidentiality and does not affect system integrity or availability, the exposure of user data can undermine user trust and may result in reputational damage. Organizations using AnythingLLM in sectors handling sensitive or regulated data (e.g., healthcare, finance, public sector) are at higher risk. The vulnerability could also be leveraged as part of a broader reconnaissance effort by attackers to gather user information for social engineering or targeted attacks. Since exploitation requires authenticated access, insider threats or compromised accounts pose a significant risk vector. The lack of known exploits reduces immediate risk but does not eliminate the potential for future attacks.
Mitigation Recommendations
European organizations should immediately verify the version of AnythingLLM deployed and upgrade to version 1.3.1 or later where the vulnerability is fixed. If upgrading is not immediately feasible, implement strict access control mechanisms to validate user permissions on all endpoints serving user-specific data, especially those relying on cookie parameters. Employ web application firewalls (WAFs) to detect and block anomalous requests that manipulate cookie parameters. Conduct regular audits of user access logs to identify suspicious access patterns. Enforce strong authentication and session management practices to reduce the risk of account compromise. Additionally, consider isolating the AnythingLLM service within segmented network zones to limit lateral movement in case of exploitation. Finally, inform users about the importance of safeguarding their credentials and monitor threat intelligence sources for emerging exploit techniques related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: @huntr_ai
- Date Reserved: 2024-12-30T22:30:53.491Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68ef9b25178f764e1f470b1e
Added to database: 10/15/2025, 1:01:25 PM
Last enriched: 10/15/2025, 1:24:51 PM
Last updated: 11/30/2025, 9:08:14 AM