cbcvebase.
CVE-2024-9617
published 2025-03-20

CVE-2024-9617: An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator…

PriorityP345medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
1.56%
72.1th percentile
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.

Affected

1 ranges
VendorProductVersion rangeFixed in
danswer-aidanswer-ai_danswerunspecified – latest
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.