CVE-2024-32881

🗓️ 26 Apr 2024 21:49:15Reported by GitHub_MType

Danswer AI Assistant vulnerable to unauthorized access of Slack Bot Tokens

Reporter	Title	Published	Views	Family All 4
OSV	CVE-2024-32881	26 Apr 202421:15	–	osv
Cvelist	CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer	26 Apr 202420:46	–	cvelist
Vulnrichment	CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer	26 Apr 202420:46	–	vulnrichment
NVD	CVE-2024-32881	26 Apr 202421:15	–	nvd

Vulners

Vulnrichment

Node

danswer\-ai danswerRange<0.3.63

[
  {
    "vendor": "danswer-ai",
    "product": "danswer",
    "versions": [
      {
        "version": "< 0.3.63",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/danswer-ai/danswer/commit/bd7e21a6388775e850d6f716675a893c72881e56
github	www.github.com/danswer-ai/danswer/commit/89ff07a96b41be9e05256bd252105be233f4d28a
github	www.github.com/danswer-ai/danswer/security/advisories/GHSA-xr9w-3ggr-hr6j

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Apr 2024 21:15Current

9.1High risk

Vulners AI Score9.1

CVSS39.8

EPSS0.00045

SSVC

CWE-285