Security Advisory

CVE-2024-9617

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:25

Last updated 2025-10-15 12:50:47

Assigner @huntr_ai

State PUBLISHED

Description

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any users file.

← Browse all CVEs View on cve.org ↗