
9 matches found

RedhatCVE
added 2025/02/05 7:1 a.m. | 2 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 | AI score 6.8 | EPSS 0.0015
Exploits 0 | References 1
Cvelist
added 2024/04/26 8:46 p.m. | 11 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 | AI score 9.5 | EPSS 0.0015
Exploits 0 | References 3
CVE
added 2024/04/26 8:46 p.m. | 43 views

CVE-2024-32881

CVE-2024-32881 affects Danswer (AI Assistant). The vulnerability allows unauthorized GET/SET access to Slack Bot Tokens, enabling token theft and full compromise of the customer’s Slack bot and internal Slack access. The issue is tied to Danswer versions prior to 3.63. Remediation from the connec...

CVSS 9.8 | AI score 9.1 | EPSS 0.0015
Exploits 0 | References 3
Vulnrichment
added 2024/04/26 8:46 p.m. | 18 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 | AI score 9.3 | EPSS 0.0015
Exploits 0 | References 3
Positive Technologies
added 2024/04/26 12:0 a.m. | 2 views

PT-2024-24937 · Answer +1 · Answer +1

Name of the Vulnerable Software and Affected Versions: Danswer versions prior to 3.63 Description: Danswer, the AI Assistant connected to a company's documents, applications, and people, is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. This vulnerability allows anyone with...

CVSS 9.8 | AI score 7.1 | EPSS 0.0015
Exploits 0 | References 9
OpenVAS
added 2013/01/23 12:0 a.m. | 28 views

Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Windows)

The host is installed with Active Perl and is prone to HTTP header injection vulnerability. OpenVAS Vulnerability Test $Id: gbactiveperlcgipmmoduleheaderinjevulnwin.nasl 6086 2017-05-09 09:03:30Z teissa $ Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability Windows Author...

CVSS 5 | AI score 0.3 | EPSS 0.0172
Exploits 0 | References 3
OpenVAS
added 2013/01/23 12:0 a.m. | 41 views

Strawberry Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Windows)

The host is installed with Strawberry Perl and is prone to HTTP header injection vulnerability. OpenVAS Vulnerability Test $Id: gbperlcgipmmoduleheaderinjevulnwin.nasl 6074 2017-05-05 09:03:14Z teissa $ Strawberry Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability Windows...

CVSS 5 | AI score 0.1 | EPSS 0.0172
Exploits 0 | References 3
OpenVAS
added 2011/08/02 12:0 a.m. | 8 views

Support Incident Tracker SiT! < 3.64 Multiple SQLi Vulnerabilities

Support Incident Tracker is prone to multiple SQL injection (SQLi) vulnerabilities. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

AI score 8
Exploits 0 | References 3
OpenVAS
added 2009/11/09 12:0 a.m. | 16 views

HTML-Parser 'decode_entities()' Denial of Service Vulnerability

HTML-Parser is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.2 | EPSS 0.00726
Exploits 1 | References 5