Description

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validation of the origin header, enabling malicious web pages to make unauthorized requests to the application's API.

INFO

Published Date :

2025-03-20T10:09:02.046Z

Last Modified :

2025-03-20T18:59:15.771Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7819 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7819.

URL Resource
https://huntr.com/bounties/06a21857-e13f-4cf4-aa67-de11419a98c0 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact