
exploitDog


CVE-2024-9617

Published: 20 Mar 2025
Source: nvd
CVSS3: 6.5
EPSS: Medium

Description

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.

EPSS

Percentile: 95%
0.17349
Medium

6.5 Medium

CVSS3

Weaknesses

CWE-639

Related vulnerabilities

CVSS3: 6.5
github
11 months ago

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.
