CVE-2024-11167

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7	Patch
https://huntr.com/bounties/298f5760-5797-4432-8b9e-544609d612c0	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-07-15 11:15

NVD link : CVE-2024-11167

Mitre link : CVE-2024-11167

CVE.ORG link : CVE-2024-11167

JSON object : View

Products Affected

librechat

librechat

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2024-11167", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:24.097", "references": [{"url": "https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/298f5760-5797-4432-8b9e-544609d612c0", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-639"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso indebido en versiones de danny-avila/librechat anteriores a la 0.7.6 permite a los usuarios autenticados eliminar las solicitudes de otros usuarios mediante el par\u00e1metro groupid. Este problema se produce porque el endpoint no verifica si el ID de solicitud proporcionado pertenece al usuario actual."}], "lastModified": "2025-07-15T11:15:24.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A", "versionEndExcluding": "0.7.6"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}