CVE-2024-6842 Overview
CVE-2024-6842 is a missing authentication vulnerability [CWE-306] in mintplex-labs/anything-llm version 1.5.5. The /setup-complete API endpoint returns data from the currentSettings function without verifying the caller's identity. This response includes sensitive system settings such as API keys for third-party search engine integrations used by the agent framework. Unauthenticated attackers can query the endpoint over the network and harvest these credentials. Stolen keys can then be used to consume paid API quotas or pivot into connected services, leading to financial loss for operators of exposed AnythingLLM instances.
Critical Impact
Any network-reachable AnythingLLM 1.5.5 deployment exposes third-party API keys to unauthenticated attackers through a single HTTP request.
Affected Products
- mintplex-labs anything-llm version 1.5.5
- Deployments exposing the AnythingLLM HTTP API to untrusted networks
- Instances configured with agent search integrations (Serper, Serply, SearXNG, and similar providers)
Discovery Timeline
- 2025-03-20 - CVE-2024-6842 published to the National Vulnerability Database
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-6842
Vulnerability Analysis
AnythingLLM exposes a /setup-complete endpoint intended to report whether initial setup has finished. In version 1.5.5 the handler calls the internal currentSettings function and returns its full output to the caller. That function aggregates system configuration, including API keys for agent search providers such as Serper and Serply. Because the route performs no authentication or authorization check, any client that can reach the HTTP service receives the sensitive payload. The flaw impacts confidentiality only, but the leaked material grants attackers direct access to paid third-party services tied to the deployment. An EPSS score of 29.187% (97.939 percentile) indicates elevated exploitation likelihood relative to the broader CVE population.
Root Cause
The root cause is missing authentication on a data-returning endpoint. The currentSettings helper was designed for authenticated administrative contexts but was reused by a public setup-status route without stripping secrets or gating access. This matches CWE-306: Missing Authentication for Critical Function.
Attack Vector
Exploitation requires only network reachability to the AnythingLLM service. An attacker sends an unauthenticated HTTP GET request to /setup-complete. The server responds with a JSON body containing configured API keys and other settings. No user interaction, prior credentials, or complex payloads are required. Attackers scanning the internet for exposed AnythingLLM instances can automate this collection at scale.
// Patch reference: .vscode/settings.json changes in commit 8b1ceb3
"opendocument",
"openrouter",
"Qdrant",
+ "searxng",
"Serper",
+ "Serply",
"textgenwebui",
"togetherai",
"vectordbs",
Source: GitHub Commit 8b1ceb3
Detection Methods for CVE-2024-6842
Indicators of Compromise
- Unauthenticated HTTP GET requests to the /setup-complete path from unexpected source addresses
- Anomalous usage or billing spikes on Serper, Serply, or other search provider API keys configured in AnythingLLM
- Outbound API calls to search providers originating from IP addresses that are not the AnythingLLM host
- Repeated requests to AnythingLLM setup and settings endpoints from scanning infrastructure
Detection Strategies
- Inspect reverse proxy or application access logs for requests to /setup-complete and correlate with client IP reputation
- Alert on any request to AnythingLLM administrative or settings routes that lacks a valid session cookie or bearer token
- Monitor third-party search provider dashboards for API key usage patterns that diverge from historical baselines
Monitoring Recommendations
- Forward AnythingLLM HTTP logs to a centralized analytics platform and build queries for unauthenticated access to sensitive routes
- Rotate agent search API keys on a scheduled cadence and after any suspected exposure
- Track application version inventory to identify hosts still running vulnerable 1.5.5 builds
How to Mitigate CVE-2024-6842
Immediate Actions Required
- Upgrade AnythingLLM to a release later than 1.5.5 that includes commit 8b1ceb3 and subsequent authentication fixes
- Rotate all API keys previously configured in AnythingLLM, including Serper, Serply, SearXNG, and other agent integrations
- Restrict inbound network access to the AnythingLLM service using firewall rules or a reverse proxy requiring authentication
- Audit access logs for prior requests to /setup-complete and treat any external hits as potential key exposure
Patch Information
Mintplex Labs published the fix through commit 8b1ceb30c159cf3a10efa16275bc6849d84e4ea8 in the anything-llm GitHub repository. Additional context is available in the Huntr bounty report. Operators should pull the latest tagged release and redeploy.
Workarounds
- Place AnythingLLM behind an authenticating reverse proxy such as nginx with basic auth or an OIDC forward-auth layer
- Block external access to the /setup-complete route at the proxy or WAF layer until patched
- Remove or unset agent search API keys in environment configuration if the integrations are not required
# Example nginx block preventing external access to the exposed endpoint
location = /setup-complete {
allow 127.0.0.1;
allow 10.0.0.0/8;
deny all;
proxy_pass http://anythingllm_upstream;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

