VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Improper Access Control in danswer-ai/danswer

CVE-2024-7767

Description

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and potential compliance violations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Danswer AI/Danswerllm-fuzzy2 versions
    =0.3.94+ 1 more
    • (no CPE)range: =0.3.94
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.