Vulnerabilities > CVE-2024-7767 - Unspecified vulnerability in Onyx 0.3.94

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

onyx

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and potential compliance violations.

Vulnerable Configurations

Part	Description	Count
Application	Onyx Onyx Onyx 0.3.94	1

References

https://huntr.com/bounties/1425dada-72d8-4bd9-a3e7-2863bb3e1a6c
https://huntr.com/bounties/1425dada-72d8-4bd9-a3e7-2863bb3e1a6c