CVE-2024-11821

{"id": "CVE-2024-11821", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:25.563", "references": [{"url": "https://huntr.com/bounties/76d5986d-3882-4ea7-81cb-f00400e5c6b6", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unauthorized users to alter chatbot configurations."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalada de privilegios en langgenius/dify versi\u00f3n 0.9.1. Esta vulnerabilidad permite a un usuario normal modificar las instrucciones de Orchestrate para un chatbot creado por un usuario administrador. El problema surge porque la aplicaci\u00f3n no aplica correctamente los controles de acceso en el endpoint /console/api/apps/{chatbot-id}/model-config, lo que permite que usuarios no autorizados alteren la configuraci\u00f3n del chatbot."}], "lastModified": "2025-07-14T17:25:30.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:langgenius:dify:0.9.1:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "D53CCA1B-6A3C-49A8-82B0-419588788AE3"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}