High severity8.1NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026
CVE-2024-8065
CVE-2024-8065
Description
A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=1.4.1+ 1 more
- (no CPE)range: =1.4.1
- (no CPE)range: = v1.4.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.