Vulnerability Information
Vulnerability Title
Unauthorized Access in danswer-ai/danswer
Vulnerability Description
In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end does not verify the visibility status of the search page. Consequently, attackers can directly call the API to access the functionalities provided by the search page, bypassing the visibility restriction set by the administrator.
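The gap described above, as an added example that is not Danswer's code: the same search handler without and with a back-end check of the administrator's visibility setting. `Workspace`, `page_visibility`, `User`, and the `search_api_*` functions are hypothetical names, and the admin exemption and default-hidden behaviour are assumptions.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Would map to an HTTP 403 response in a web framework."""


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class Workspace:
    # Hypothetical settings store: page name -> visible to regular users.
    page_visibility: dict = field(default_factory=dict)


def run_search(query):
    # Stand-in for the search backend, over constructed sample documents.
    corpus = ["quarterly report", "onboarding guide", "incident report"]
    return [doc for doc in corpus if query in doc]


def search_api_unchecked(ws, user, query):
    # The flawed pattern: the front end hides the page, the API ignores the flag.
    return run_search(query)


def require_page_visible(ws, user, page):
    # Assumption: admins are exempt. A page with no setting is treated as hidden.
    if not user.is_admin and not ws.page_visibility.get(page, False):
        raise Forbidden(f"page '{page}' is disabled for this workspace")


def search_api_enforced(ws, user, query):
    # Same handler with the visibility check applied server-side, before any work.
    require_page_visible(ws, user, "search")
    return run_search(query)


if __name__ == "__main__":
    ws = Workspace(page_visibility={"search": False})
    alice = User("alice")
    print("unchecked:", search_api_unchecked(ws, alice, "report"))
    try:
        search_api_enforced(ws, alice, "report")
    except Forbidden as exc:
        print("enforced: 403,", exc)
```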
CVSS Information
N/A
Vulnerability Type
CWE-1100
Vulnerability Title
Danswer Security Vulnerability
Vulnerability Description
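Danswer is an open-source AI assistant from Danswer AI that connects to company documents, applications, and people. Danswer v0.3.94 contains a security vulnerability that stems from the back-end not verifying the visibility status of the search page, which may allow attackers to bypass the visibility restriction.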
CVSS Information
N/A
Vulnerability Type
N/A