Description

In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the system allows an unauthenticated attacker to sign up with a basic account and perform actions that should be restricted to admin users. This can lead to excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues, impacting the system's stability and security.

INFO

Published Date :

2025-03-20T10:10:47.321Z

Last Modified :

2025-10-15T12:49:55.152Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8057 vulnerability.

Vendors Products
Danswer-ai
  • Danswer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8057.

URL Resource
https://huntr.com/bounties/b5991b98-a721-4acd-8ef2-980e15682913 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact