3 matches found
CVE-2024-9612 Unauthorized Access in danswer-ai/danswer
In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end doe...
CVE-2024-9612 Unauthorized Access in danswer-ai/danswer
In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end doe...
CVE-2024-9612
In danswer-ai/danswer v0.3.94, the vulnerability stems from the back-end not validating the visibility status of the search page. Administrators can hide the search page from the front-end, but regular users can still access its functionalities by directly calling the API, bypassing the visibilit...