Severity: Medium

Project: danswer

IDOR Vulnerability Allowing Unauthorized File Access

An Insecure Direct Object Reference (IDOR) vulnerability in danswer v0.3.94 allows attackers to view any file by calling the GET /api/chat/file/{file_id} endpoint directly with an arbitrary file_id. The issue has not yet been patched.

Available publicly on Oct 10 2024

CVSS score: 6.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Credit: fewword

Remediation Steps
  • Implement access control checks to verify that the requester is authorized to access the file.
  • Update the endpoint to ensure proper authentication and authorization mechanisms are in place.
  • Conduct a security review of other endpoints to identify and fix similar issues.
  • Release a patched version of the software and notify users to update.
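
One way to implement the access-control check called for in the first remediation step, shown as an added example rather than danswer's own code: the unchecked lookup that produces an IDOR beside a hardened handler that only serves a file to its owner. The in-memory store, the owner_id field, the requester_id argument and the NotFound exception are assumptions made for this illustration.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """Maps to HTTP 404 in a real handler."""


@dataclass(frozen=True)
class StoredFile:
    file_id: str
    owner_id: str  # assumed field: the user who uploaded the file
    content: bytes


# Constructed sample data standing in for the chat file store.
FILE_STORE: dict[str, StoredFile] = {
    "f-1001": StoredFile("f-1001", "alice", b"alice's quarterly notes"),
    "f-1002": StoredFile("f-1002", "bob", b"bob's private upload"),
}


def get_chat_file_unchecked(file_id: str) -> bytes:
    """The IDOR pattern: the lookup is keyed only on the client-supplied id,
    so any logged-in user who supplies another user's id gets that file."""
    try:
        return FILE_STORE[file_id].content
    except KeyError:
        raise NotFound(file_id) from None


def get_chat_file(requester_id: str, file_id: str) -> bytes:
    """Hardened handler. `requester_id` must come from the authenticated
    session, never from the path or body. Missing and foreign ids both map
    to the same 404 so the endpoint does not reveal which ids exist."""
    record = FILE_STORE.get(file_id)
    if record is None or record.owner_id != requester_id:
        raise NotFound(file_id)
    return record.content


def can_access(requester_id: str, file_id: str) -> bool:
    """True if the hardened handler would serve the file to this user."""
    try:
        get_chat_file(requester_id, file_id)
    except NotFound:
        return False
    return True
```

The same ownership check, applied to every endpoint that takes an object id from the client, is the review the third remediation step asks for.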

Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A