CVE-2024-7767

8.1 HIGH

📋 TL;DR

An improper access control vulnerability in danswer-ai/danswer v0.3.94 allows the first user created in the system to view, modify, and delete chats created by an Admin. This affects all deployments using the vulnerable version, potentially exposing sensitive chat data and compromising data integrity.

💻 Affected Systems

Products:
  • danswer-ai/danswer
Versions: v0.3.94
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments where the first user is not an admin or has been granted excessive permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

First user gains full control over all admin chats, leading to data theft, data destruction, compliance violations, and potential privilege escalation.

🟠 Likely Case

First user accesses sensitive admin conversations, potentially exposing confidential information or business intelligence.

🟢 If Mitigated

Limited impact with proper user management and monitoring, but still represents an access control failure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires being the first user created in the system, which limits widespread exploitation but makes targeted attacks feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.3.95 or later

Vendor Advisory: https://huntr.com/bounties/1425dada-72d8-4bd9-a3e7-2863bb3e1a6c

Restart Required: No

Instructions:

1. Update danswer-ai/danswer to version v0.3.95 or later.
2. Verify the update completed successfully.
3. Review user permissions to ensure proper access controls are in place.

🔧 Temporary Workarounds

Restrict First User Permissions

Operating Systems: all

Manually adjust permissions for the first user to remove admin chat access capabilities.

🧯 If You Can't Patch

  • Monitor first user activity closely for unauthorized access to admin chats.
  • Implement additional authentication layers or network segmentation to limit access.

🔍 How to Verify

Check if Vulnerable:

Check if running danswer-ai/danswer version v0.3.94. Review user creation logs to identify the first user.

Check Version:

docker inspect danswer-ai/danswer | grep version

Verify Fix Applied:

Confirm version is v0.3.95 or later. Test that first user cannot access admin chats.

📡 Detection & Monitoring

Log Indicators:

  • First user accessing admin chat endpoints
  • Unauthorized chat modifications or deletions

Network Indicators:

  • Unusual API calls from first user to admin chat resources

SIEM Query:

source="danswer" AND (event="chat_access" OR event="chat_modify") AND user="first_user" AND target_user="admin"
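The SIEM query above hard-codes the actor as "first_user"; in practice the first account has to be identified from the user creation log, as the verification steps on this page suggest. The script below is an added example (not danswer's code and not a real danswer log format): it derives the first-created user from a constructed user-creation stream, collects the admin accounts, and flags chat events in which that first user touches a chat owned by an admin. The JSON field names (ts, event, user, chat_id, chat_owner, role) are assumptions chosen for the example.

```python
import json
from datetime import datetime

# Constructed sample log lines (not real danswer output): a user-creation
# stream and a chat-activity stream, newline-delimited JSON, one record per line.
USER_LOG = """
{"ts": "2024-08-01T09:00:00Z", "event": "user_create", "user": "alice", "role": "basic"}
{"ts": "2024-08-01T09:05:00Z", "event": "user_create", "user": "bob", "role": "admin"}
{"ts": "2024-08-01T09:10:00Z", "event": "user_create", "user": "carol", "role": "basic"}
"""

CHAT_LOG = """
{"ts": "2024-08-02T10:00:00Z", "event": "chat_access", "user": "alice", "chat_id": 7, "chat_owner": "alice"}
{"ts": "2024-08-02T10:01:00Z", "event": "chat_access", "user": "alice", "chat_id": 12, "chat_owner": "bob"}
{"ts": "2024-08-02T10:02:00Z", "event": "chat_modify", "user": "alice", "chat_id": 12, "chat_owner": "bob"}
{"ts": "2024-08-02T10:03:00Z", "event": "chat_access", "user": "bob", "chat_id": 12, "chat_owner": "bob"}
{"ts": "2024-08-02T10:04:00Z", "event": "chat_delete", "user": "carol", "chat_id": 12, "chat_owner": "bob"}
"""

# Chat event names assumed for this example, mirroring the SIEM query's
# chat_access / chat_modify plus a delete event.
CHAT_EVENTS = {"chat_access", "chat_modify", "chat_delete"}


def parse_log(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def _ts(record):
    # Python's fromisoformat does not accept a trailing "Z" before 3.11.
    return datetime.fromisoformat(record["ts"].replace("Z", "+00:00"))


def first_user(user_records):
    """Return the earliest-created account, the user this advisory is about."""
    creations = [r for r in user_records if r.get("event") == "user_create"]
    if not creations:
        return None
    return min(creations, key=_ts)["user"]


def admin_users(user_records):
    """Set of accounts created with the admin role."""
    return {
        r["user"]
        for r in user_records
        if r.get("event") == "user_create" and r.get("role") == "admin"
    }


def find_cross_user_chat_access(chat_records, actor, admins):
    """Chat events where `actor` touched a chat owned by an admin other than itself."""
    hits = []
    for r in chat_records:
        if r.get("event") not in CHAT_EVENTS or r.get("user") != actor:
            continue
        owner = r.get("chat_owner")
        if owner != actor and owner in admins:
            hits.append(r)
    return hits


def detect(user_log=USER_LOG, chat_log=CHAT_LOG):
    """Return (first_user, flagged_events) for the given log streams."""
    users = parse_log(user_log)
    chats = parse_log(chat_log)
    actor = first_user(users)
    return actor, find_cross_user_chat_access(chats, actor, admin_users(users))


if __name__ == "__main__":
    actor, hits = detect()
    print(f"first user: {actor}")
    for h in hits:
        print(f"{h['ts']} {h['event']} by {h['user']} on chat {h['chat_id']} "
              f"owned by {h['chat_owner']}")
```

Note that carol's delete of bob's chat is not flagged: it may be a separate problem, but it is not the condition this CVE describes, and keeping the rule narrow keeps the alert tied to the first-created account. Running the script on the constructed input reports alice as the first user and flags her two events against chat 12.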
