CVE-2024-32881

9.8 CRITICAL

📋 TL;DR

Danswer AI Assistant versions before 3.63 have an authorization flaw allowing unauthorized access to Slack bot tokens. Attackers with network access can steal or set Slack bot tokens, potentially compromising the organization's Slack bot and gaining internal Slack access. All Danswer deployments with Slack integration are affected.

💻 Affected Systems

Products:
  • Danswer AI Assistant
Versions: All versions before 3.63
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with Slack integration configured. The vulnerability exists in the API endpoints handling Slack bot tokens.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Slack bot leading to unauthorized access to internal Slack channels, data exfiltration, and potential lateral movement within the organization's Slack workspace.

🟠 Likely Case

Attackers steal Slack bot tokens to read sensitive conversations, impersonate the bot, and potentially access connected systems through the compromised bot.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized network access to Danswer instances.

🌐 Internet-Facing: HIGH - Internet-facing Danswer instances are directly exploitable by any attacker.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access but no authentication. Simple HTTP requests to specific endpoints can exploit this.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.63

Vendor Advisory: https://github.com/danswer-ai/danswer/security/advisories/GHSA-xr9w-3ggr-hr6j

Restart Required: Yes

Instructions:

  1. Update Danswer to version 3.63 or later.
  2. Restart the Danswer service.
  3. Verify the update was successful by checking the version.

🔧 Temporary Workarounds

Network Access Restriction (linux)

Restrict network access to Danswer instances to only trusted IP addresses or networks.

  # Use firewall rules to restrict access; the ACCEPT rule must precede the DROP rule
  iptables -A INPUT -p tcp --dport <danswer_port> -s <trusted_ip> -j ACCEPT
  iptables -A INPUT -p tcp --dport <danswer_port> -j DROP

Disable Slack Integration (all platforms)

Temporarily disable Slack integration in Danswer configuration if not essential.

  # Edit Danswer configuration file
  # Set SLACK_ENABLED=false or remove Slack configuration

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Danswer instance.
  • Monitor for unusual API calls to Slack token endpoints and implement alerting.

🔍 How to Verify

Check if Vulnerable:

Check if Danswer version is below 3.63 and if Slack integration is enabled. Review access logs for unauthorized requests to Slack token endpoints.

Check Version:

Check Danswer web interface or logs for version information, or run: docker ps | grep danswer (if containerized)

Verify Fix Applied:

Confirm Danswer version is 3.63 or later. Test that unauthorized requests to Slack token endpoints now return proper authorization errors.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized HTTP requests to /api/slack/* endpoints, especially GET/POST to token-related endpoints
  • Failed authentication attempts on Slack token endpoints

Network Indicators:

  • Unusual traffic patterns to Danswer Slack API endpoints from unexpected sources
  • Outbound connections from Danswer to Slack that don't match normal bot behavior

SIEM Query:

source="danswer" AND (url_path="/api/slack/*" AND (http_method="GET" OR http_method="POST") AND NOT user_authenticated=true)
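The same detection logic as the SIEM query above, run over constructed access-log lines. This is an added example, not code from the Danswer project or from this advisory; the key=value log format, the field names and the /api/slack/bot-tokens path are assumptions chosen to mirror the query's fields.

```python
import re

# Constructed sample log lines (not real Danswer output). Fields mirror the SIEM query:
# method, path and user_authenticated. The /api/slack/bot-tokens path is assumed.
SAMPLE_LOGS = """\
ts=2024-05-01T10:00:01Z src=10.0.0.5 method=GET path=/api/slack/bot-tokens user_authenticated=true
ts=2024-05-01T10:00:07Z src=203.0.113.9 method=GET path=/api/slack/bot-tokens user_authenticated=false
ts=2024-05-01T10:00:09Z src=203.0.113.9 method=POST path=/api/slack/bot-tokens user_authenticated=false
ts=2024-05-01T10:00:12Z src=10.0.0.7 method=GET path=/api/chat/send user_authenticated=false
ts=2024-05-01T10:00:15Z src=198.51.100.4 method=DELETE path=/api/slack/bot-tokens user_authenticated=false
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Parse one key=value log line into a dict (empty dict for blank lines)."""
    return dict(KV_RE.findall(line))


def is_suspicious(ev: dict) -> bool:
    """Mirror the SIEM query: /api/slack/* path, GET or POST, and no authenticated user.

    A missing user_authenticated field counts as unauthenticated, matching
    the query's NOT user_authenticated=true clause. Other methods (e.g. DELETE)
    are deliberately not flagged here, as in the query; widen the set if needed.
    """
    return (
        ev.get("path", "").startswith("/api/slack/")
        and ev.get("method") in {"GET", "POST"}
        and ev.get("user_authenticated") != "true"
    )


def detect(log_text: str) -> list:
    """Return the parsed events that match the detection rule."""
    events = (parse_line(line) for line in log_text.splitlines())
    return [ev for ev in events if ev and is_suspicious(ev)]


def hits_by_source(events: list) -> dict:
    """Count flagged requests per source address, for alert thresholding."""
    counts: dict = {}
    for ev in events:
        counts[ev.get("src", "?")] = counts.get(ev.get("src", "?"), 0) + 1
    return counts


if __name__ == "__main__":
    flagged = detect(SAMPLE_LOGS)
    for ev in flagged:
        print(f"ALERT {ev['ts']} {ev['src']} {ev['method']} {ev['path']}")
    print("per-source:", hits_by_source(flagged))
```

After patching to 3.63 or later, unauthenticated hits matching this rule should all be rejected by the server, so any that still return success indicate the fix is not in place.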
