Medium severity6.5NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-9617

Description

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/8f683ff6-3a99-41c6-b763-a8f7b73bd146nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000