Description

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.

INFO

Published Date :

2025-03-20T10:11:19.807Z

Last Modified :

2025-10-15T12:49:32.208Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12869 vulnerability.

Vendors Products
Infiniflow
  • Ragflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12869.

URL Resource
https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact