CVE-2024-8065
CVSS 3.0 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-8065 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability affecting version v1.4.1 of the danswer-ai/danswer application. The issue allows attackers to execute unauthorized actions in a user's browser context, such as connecting the application to a malicious Slack Bot, inviting users, and deleting chats. The vulnerability arises from the absence of CSRF protection in the application: because state-changing requests are authenticated by the browser's cookies alone, any site can submit them on the victim's behalf. Attackers can trick victims into clicking a malicious link or submitting a malicious form, causing these actions to be performed as the victim. This poses a significant risk to organizations using the Danswer AI application, as it can lead to unauthorized access and potential data breaches. Users are strongly encouraged to update to a patched version of the application as soon as possible to mitigate this risk.
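The missing control described above, shown as an added example that is not Danswer's code: a minimal CSRF guard combining an Origin/Referer check with a per-session synchronizer token, applied to a constructed delete-chat handler. The application origin, the request structure and the handler are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for the application's own origin (assumption, not Danswer's config).
APP_ORIGIN = "https://danswer.example.internal"


@dataclass
class Request:
    """Hypothetical request shape: a forged cross-site POST still carries the session cookie."""
    method: str
    headers: dict
    cookies: dict
    form: dict = field(default_factory=dict)


def issue_csrf_token() -> str:
    """Per-session secret: store it server-side and embed it in the app's own pages."""
    return secrets.token_urlsafe(32)


def csrf_check(req: Request, session_token: str) -> tuple:
    """Return (allowed, reason). Only state-changing methods are checked."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    # 1. The browser-set Origin (or Referer) must match our own origin;
    #    a form submitted from another site cannot satisfy this.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    src, app = urlsplit(source), urlsplit(APP_ORIGIN)
    if (src.scheme, src.netloc) != (app.scheme, app.netloc):
        return False, "cross-site source %s://%s" % (src.scheme, src.netloc)
    # 2. Synchronizer token: the request must echo the session's secret,
    #    which another site cannot read. Constant-time compare avoids a timing leak.
    submitted = req.headers.get("X-CSRF-Token") or req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session_token):
        return False, "csrf token mismatch"
    return True, "ok"


def delete_chat(req: Request, session_token: str, chats: set) -> tuple:
    """Constructed handler: refuses the deletion unless the CSRF guard passes."""
    allowed, reason = csrf_check(req, session_token)
    if not allowed:
        return 403, reason
    chats.discard(req.form["chat_id"])
    return 200, "deleted"
```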
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.