Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/03/22 12:27 p.m.9 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS6.7AI score0.00641EPSS
Exploits1References1
nvd
nvd
added 2025/03/20 10:15 a.m.10 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS0.00641EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.9AI score0.00641EPSS
Exploits1References1
osv
osv
added 2025/03/20 10:9 a.m.4 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.2AI score0.00641EPSS
Exploits1References3
cvelist
cvelist
added 2025/03/20 10:9 a.m.14 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS0.00641EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:9 a.m.83 views

CVE-2024-12880

The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...

8.1CVSS7.9AI score0.00641EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder