CVE-2024-8065

NONE EPSS 9.6%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.

Threat Intelligence

EPSS Exploit Probability
9.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

References 1

  • huntr.com https://huntr.com/bounties/61b58753-af36-43fd-b1b9-f3019532dd08

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.