VYPR
High severity 8.1 · NVD Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026

CVE-2024-8065


Description

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.


Affected products

2
  • Danswer AI/Danswer (inferred), 2 versions: =1.4.1 + 1 more
    • (no CPE) range: =1.4.1
    • (no CPE) range: = v1.4.1
