Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Improper Access Control in danswer-ai/danswer
CVE-2024-7767
Description
An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and potential compliance violations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=0.3.94+ 1 more
- (no CPE)range: =0.3.94
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.