Description
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.
INFO
Published Date :
2024-04-26T20:46:33.551Z
Last Modified :
2024-08-02T02:20:35.603Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-32881 vulnerability.
| Vendors | Products |
|---|---|
| Danswer-ai |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32881.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact