Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized access to GET/SET of Slack Bot Tokens in Danswer
Vulnerability Description
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不恰当
Vulnerability Title
Danswer 安全漏洞
Vulnerability Description
Danswer是Danswer AI开源的一个连接到公司文档、应用程序和人员的人工智能助手。 Danswer 存在安全漏洞,该漏洞源于 容易受到对 Slack Bot 令牌的 GET/SET 未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A