Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in danswer-ai/danswer
Vulnerability Description
An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and potential compliance violations.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Danswer 安全漏洞
Vulnerability Description
Danswer是Danswer AI开源的一个连接到公司文档、应用程序和人员的人工智能助手。 Danswer v0.3.94版本存在安全漏洞,该漏洞源于访问控制不当,允许第一个用户查看、修改和删除管理员创建的聊天。
CVSS Information
N/A
Vulnerability Type
N/A