Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:1 a.m.6 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

9.8CVSS6.8AI score0.00799EPSS
Exploits0References1
NVD
NVD
added 2024/04/26 9:15 p.m.30 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

9.8CVSS9.4AI score0.00799EPSS
Exploits0References3
CVE
CVE
added 2024/04/26 8:46 p.m.55 views

CVE-2024-32881

CVE-2024-32881 affects Danswer (AI Assistant). The vulnerability allows unauthorized GET/SET access to Slack Bot Tokens, enabling token theft and full compromise of the customer’s Slack bot and internal Slack access. The issue is tied to Danswer versions prior to 3.63. Remediation from the connec...

9.8CVSS9.1AI score0.00799EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/26 8:46 p.m.22 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

9.8CVSS9.3AI score0.00799EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/26 8:46 p.m.37 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

9.8CVSS9.5AI score0.00799EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/26 12:0 a.m.6 views

PT-2024-24937 · Answer +1 · Answer +1

Name of the Vulnerable Software and Affected Versions: Danswer versions prior to 3.63 Description: Danswer, the AI Assistant connected to a company's documents, applications, and people, is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. This vulnerability allows anyone with...

9.8CVSS7.1AI score0.00799EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.5 views

Danswer 安全漏洞

Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. Danswer has a security vulnerability that stems from Vulnerability to GET/SET unauthorized access to Slack Bot tokens...

9.8CVSS6.7AI score0.00799EPSS
Exploits0References4
Rows per page
Query Builder