Description

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.

INFO

Published Date :

2024-04-26T20:46:33.551Z

Last Modified :

2024-08-02T02:20:35.603Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-32881 vulnerability.

Vendors Products
Danswer-ai
  • Danswer

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact