60 matches found
CVE-2024-7819
A CVE-2024-7819 entry concerns danswer-ai/danswer v1.4.1. The vulnerability is a CORS misconfiguration caused by improper validation of the origin header, enabling malicious web pages to issue unauthorized requests to the application's API and potentially disclose sensitive data (e.g., chat conte...
CVE-2024-7779 ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer
A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable...
Danswer access control error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. An access control error vulnerability exists in Danswer version 0.4.1 that stems from the ability for a basic user to create credentials and link them to an existing...
Danswer resource management error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version 0.9.0, which stems from the use of a vulnerable version of the starlette package and could lead t...
Danswer security vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A security vulnerability exists in Danswer version v0.3.94, which stems from improper access control and allows the first user to view, modify, and delete...
Danswer security vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A security vulnerability exists in Danswer version v0.3.94, which stems from the back-end not validating the visibility status of a search page, which could allow an...
Danswer cross-site request forgery vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A cross-site request forgery vulnerability exists in Danswer v1.4.1. An attacker exploiting this vulnerability could perform unauthorized actions in the victim's...
Danswer resource management error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. Danswer suffers from a resource management error vulnerability that stems from a regular expression denial of service, which could result in significantly slower...
Danswer resource management error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version v0.3.94, which stems from the fact that uploading a file with malformed multi-part boundaries may...
Danswer access control error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. An access control error vulnerability exists in Danswer version v0.3.94 that stems from the application not validating the file creator, which could allow an attacke...
Danswer access control error vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. An access control error vulnerability exists in Danswer v1.4.1, which stems from a misconfiguration of CORS and could lead to the disclosure of sensitive information...
CVE-2024-32881
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...
Danswer < 0.10.0-beta.1 Insecure Direct Object Reference
Danswer versions prior to 0.10.0-beta.1 suffer from an Insecure Direct Object Reference allowing an unauthenticated attacker to access messages and attached files via a specially forged request. This detection is included in the AI and LLM category. No source data...
CVE-2024-32881
CVE-2024-32881 affects Danswer (AI Assistant). The vulnerability allows unauthorized GET/SET access to Slack Bot Tokens, enabling token theft and full compromise of the customer’s Slack bot and internal Slack access. The issue is tied to Danswer versions prior to 3.63. Remediation from the connec...
CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...
Danswer security vulnerability
Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. Danswer has a security vulnerability that stems from unauthorized access to GET/SET of Slack Bot tokens...
PT-2024-24937
Name of the Vulnerable Software and Affected Versions: Danswer versions prior to 3.63. Description: Danswer, the AI Assistant connected to a company's documents, applications, and people, is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. This vulnerability allows anyone with...