CVE-2024-9617

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file...

Danswer 安全漏洞

Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. A security vulnerability exists in Danswer version v0.3.94, which stems from the back-end not validating the visibility status of a search page, which could allow an...

Danswer 资源管理错误漏洞

Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version v0.3.94, which stems from the fact that uploading a file with malformed multi-part boundaries may...

Danswer 访问控制错误漏洞

Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. An access control error vulnerability exists in Danswer version v0.3.94 that stems from the application not validating the file creator, which could allow an attacke...