Description

In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end does not verify the visibility status of the search page. Consequently, attackers can directly call the API to access the functionalities provided by the search page, bypassing the visibility restriction set by the administrator.

INFO

Published Date :

2025-03-20T10:11:08.077Z

Last Modified :

2025-03-20T13:34:33.986Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9612 vulnerability.

Vendors Products
Onyx
  • Onyx
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9612.

URL Resource
https://huntr.com/bounties/c1046fa0-a719-475e-ba62-2b97873fbac4 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact