CVE-2024-8065

Name of the Vulnerable Software and Affected Versions danswer-ai/danswer version v1.4.1

Description A Cross-Site Request Forgery (CSRF) issue allows attackers to perform unauthorized actions in the context of the victim's browser, including connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats. The application lacks CSRF protection, making it susceptible to these attacks.

Recommendations For version v1.4.1, consider implementing CSRF protection mechanisms to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive application features to minimize the risk of exploitation.