CVE-2024-7819: CORS Misconfiguration in danswer-ai/danswer

Published Mar 20, 2025

Updated

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validation of the origin header, enabling malicious web pages to make unauthorized requests to the application's API.

Affected Software

1 affected component

danswer-ai danswer

Event History

Mar 20, 2025

CVE Published

via MITRE·10:09 AM

Data Sourced

via MITRE·10:09 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·10:15 AM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2024-7819?

CVE-2024-7819 is classified as a high severity vulnerability due to its potential to expose sensitive information.

What information can be stolen due to CVE-2024-7819?

CVE-2024-7819 can allow attackers to steal sensitive information such as chat contents and API keys.

How do I fix CVE-2024-7819?

To fix CVE-2024-7819, ensure proper validation of the origin header in CORS settings.

Which versions of Danswer AI are affected by CVE-2024-7819?

CVE-2024-7819 affects Danswer AI version 1.4.1.

What is the cause of CVE-2024-7819?

CVE-2024-7819 is caused by a CORS misconfiguration that allows unauthorized requests due to improper origin header validation.

CVE-2024-7819: CORS Misconfiguration in danswer-ai/danswer

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-7819?

What information can be stolen due to CVE-2024-7819?

How do I fix CVE-2024-7819?

Which versions of Danswer AI are affected by CVE-2024-7819?

What is the cause of CVE-2024-7819?

Company

Resources

Contact