Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:27 p.m.9 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS6.7AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.10 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS0.00641EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.9AI score0.00641EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.15 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS0.00641EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.5 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.2AI score0.00641EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:9 a.m.83 views

CVE-2024-12880

The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...

8.1CVSS7.9AI score0.00641EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder