Description

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.

INFO

Published Date :

2025-03-20T10:10:04.617Z

Last Modified :

2025-03-20T14:31:35.789Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8065 vulnerability.

Vendors Products
Danswer-ai
  • Danswer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8065.

URL Resource
https://huntr.com/bounties/61b58753-af36-43fd-b1b9-f3019532dd08 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact