5 matches found
CVE-2024-9617
Summary: CVE-2024-9617 describes an Insecure Direct Object Reference in danswer-ai/danswer v0.3.94 where an attacker can view any user file via GET /api/chat/file/{file_id} due to missing ownership checks. Details from connected docs: • Vulnerable component: Danswer application (v0.3.94). • Root ...
CVE-2024-9617 IDOR in danswer-ai/danswer
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file...
CVE-2024-9617 IDOR in danswer-ai/danswer
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file...
Creator Verification Error when Bubblegum Activate
This was an error found by @metamania01 of the audit company Solshield. It allowed one to verify a creator that did not sign by making use of a provision in Token Metadata that allows creators who have signed compressed NFTs to decompress them with verified creators. The issue is now...
PT-2022-28223 · Crates.Io · Mpl-Bubblegum +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allowed verification of a creator that did not sign by utilizing a provision in Token Metadata. This provision enables creators who have signed compressed NFTs to decompress...