Description

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.

INFO

Published Date :

2025-03-20T10:10:25.706Z

Last Modified :

2025-03-20T18:21:41.289Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9617 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9617.

URL Resource
https://huntr.com/bounties/8f683ff6-3a99-41c6-b763-a8f7b73bd146 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact