Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in danswer-ai/danswer
Vulnerability Description
In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the system allows an unauthenticated attacker to sign up with a basic account and perform actions that should be restricted to admin users. This can lead to excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues, impacting the system's stability and security.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Danswer 访问控制错误漏洞
Vulnerability Description
Danswer是Danswer AI开源的一个连接到公司文档、应用程序和人员的人工智能助手。 Danswer 0.4.1版本存在访问控制错误漏洞,该漏洞源于基本用户可以创建凭据并将其链接到现有连接器,可能导致资源过度消耗和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A