PT-2025-12189 · Unknown · Danswer-Ai/Danswer

Published

2025-03-20

Updated

2025-03-20

CVE-2024-7767

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions danswer-ai/danswer version v0.3.94

Description An improper access control issue exists, allowing the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and potential compliance violations.

Recommendations For version v0.3.94, consider restricting the privileges of the first user created in the system to prevent unauthorized access to sensitive information until a patch is available. As a temporary workaround, restrict access to chats created by an Admin to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

CVE-2024-7767

Affected Products

Danswer-Ai/Danswer

PT-2025-12189 · Unknown · Danswer-Ai/Danswer

CVE-2024-7767

Weakness Enumeration

Related Identifiers

Affected Products

References · 4