CVE-2024-32881

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-285
View all →

Vulnerability Description

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.

Related Vulnerabilities

CVE-2015-3954

CRITICAL
CVSS:9.8(Critical)

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges o...

CWE-2852015

CVE-2015-5463

CRITICAL
CVSS:9.8(Critical)

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through ar...

CWE-2852015

CVE-2016-0922

CRITICAL
CVSS:9.8(Critical)

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

CWE-2852016

CVE-2016-10734

CRITICAL
CVSS:9.8(Critical)

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

CWE-2852016

CVE-2016-5799

CRITICAL
CVSS:9.8(Critical)

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain acce...

CWE-2852016

CVE-2016-6825

CRITICAL
CVSS:9.8(Critical)

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC6...

CWE-2852016