CVE-2024-8057
NONE EPSS 30.4%
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the system allows an unauthenticated attacker to sign up with a basic account and perform actions that should be restricted to admin users. This can lead to excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues, impacting the system's stability and security.
Threat Intelligence
EPSS Exploit Probability
30.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-306 Missing Authentication for Critical Function (Authentication)
References 1
- huntr.com https://huntr.com/bounties/b5991b98-a721-4acd-8ef2-980e15682913
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.