2 matches found
CVE-2024-8065
A Cross-Site Request Forgery CSRF vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among...
CVE-2024-8065
CVE-2024-8065 describes a Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of the open‑source project danswer-ai/danswer. The issue arises because the application does not implement any CSRF protection, allowing an attacker to perform unauthorized actions in the context of the vi...