CVE-2024-9612

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 20, 2025
Updated: Apr 3, 2025
CWE ID 1100

Summary

CVE-2024-9612: In version v0.3.94 of danswer-ai/danswer, administrators can hide the search page from regular users. The back-end, however, does not verify the visibility status of the search page. As a result, attackers can still use the search page functionality by calling the API directly, bypassing the intended access control.
