Security Advisory

CVE-2024-8065

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:04
Last updated 2025-03-20 14:31:35
Assigner @huntr_ai
State PUBLISHED

Description

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.