PT-2025-12213 · Unknown · Danswer-Ai/Danswer

Published

2025-03-20

·

Updated

2025-03-20

·

CVE-2024-8057

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

danswer-ai/danswer version 0.4.1
Description

A basic (non-admin) user can create credentials and link them to an existing connector. Because sign-up is open, an unauthenticated attacker can register a basic account and then perform this operation, which should be restricted to admin users. Repeatedly creating credentials and linking them to connectors can cause excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues affecting the system's stability and security.

Recommendations

For version 0.4.1, restrict the ability of basic users to create credentials and link them to existing connectors so that these operations require an admin account; this closes the path to excessive resource consumption and Denial of Service (DoS). Until a patch is available, disable the connector-linking feature for basic users as a temporary workaround.
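To make the access-control gap concrete, the following is an added illustration in Python; it is not Danswer's code, and the ConnectorService class, the Role enum, the method names and the in-memory stores are assumptions made for this example. It models open sign-up that only ever yields a basic account, then contrasts a link operation that merely checks the caller is logged in with one that also requires the admin role, and counts how many links a freshly registered account can push into a connector under each variant.

```python
"""Hypothetical model of the authorization gap behind CVE-2024-8057.

Added example, not Danswer's code: every class, method and store below
is an assumption for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    BASIC = "basic"
    ADMIN = "admin"


@dataclass
class User:
    email: str
    role: Role = Role.BASIC  # self sign-up always produces a basic account


@dataclass
class Credential:
    id: int
    owner: str


@dataclass
class Connector:
    id: int
    credential_ids: list[int] = field(default_factory=list)


class Forbidden(Exception):
    """Raised when the caller lacks the role the operation requires."""


class ConnectorService:
    """In-memory stand-in for the credential/connector API surface."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.credentials: dict[int, Credential] = {}
        self.connectors: dict[int, Connector] = {}

    def signup(self, email: str) -> User:
        # Anyone can register; the result is always a BASIC user.
        user = User(email)
        self.users[email] = user
        return user

    def create_credential(self, user: User) -> Credential:
        cred = Credential(len(self.credentials) + 1, user.email)
        self.credentials[cred.id] = cred
        return cred

    def link_credential_vulnerable(self, user: User, credential_id: int,
                                   connector_id: int) -> int:
        # Vulnerable variant: only authentication is checked (the caller
        # is a User object), so a self-registered account reaches the
        # connector code path that does the expensive work.
        connector = self.connectors[connector_id]
        connector.credential_ids.append(credential_id)
        return len(connector.credential_ids)

    def link_credential_fixed(self, user: User, credential_id: int,
                              connector_id: int) -> int:
        # Hardened variant: the same operation gated on the ADMIN role,
        # which a self-registered account can never obtain.
        if user.role is not Role.ADMIN:
            raise Forbidden(f"{user.email} is not an admin")
        return self.link_credential_vulnerable(user, credential_id, connector_id)


def run_attack(service: ConnectorService, link_fn, user: User,
               connector_id: int, attempts: int) -> int:
    """Create `attempts` credentials as `user` and try to link each one.

    Returns how many link requests the service accepted; with the
    vulnerable variant this equals `attempts` for any logged-in user.
    """
    accepted = 0
    for _ in range(attempts):
        cred = service.create_credential(user)
        try:
            link_fn(user, cred.id, connector_id)
            accepted += 1
        except Forbidden:
            pass
    return accepted


if __name__ == "__main__":
    svc = ConnectorService()
    svc.connectors[7] = Connector(7)          # constructed existing connector
    attacker = svc.signup("attacker@example.com")
    print("vulnerable:", run_attack(svc, svc.link_credential_vulnerable, attacker, 7, 50))
    print("fixed:     ", run_attack(svc, svc.link_credential_fixed, attacker, 7, 50))
```

The operational check this suggests for a deployment is the same one the example performs: register a throwaway account, attempt a credential-to-connector link, and confirm the request is rejected with an authorization error rather than accepted.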

Fix

Weakness Enumeration

Improper Access Control

Missing Authentication

Related Identifiers

CVE-2024-8057

Affected Products

Danswer-Ai/Danswer