CVE-2024-7819
📋 TL;DR
A CORS misconfiguration in Danswer AI v1.4.1 lets a malicious website make cross-origin requests to the application's API from a visiting user's browser and read the responses, potentially exposing chat contents, API keys, and other data belonging to that user. This affects every deployment running the vulnerable version without an additional origin restriction in front of it.
💻 Affected Systems
- danswer-ai/danswer
⚠️ Manual Verification Required
This CVE has no affected-version range in our database, so automated detection cannot tell whether your system is affected.
Why? The NVD entry does not carry a vendor-supplied version range. The huntr report linked under Official Fix below identifies v1.4.1 as the tested vulnerable version and v1.4.2 as the fixed release, so compare your deployed version against those by hand.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all sensitive data accessible via API including chat histories, API keys, and user information, leading to data breaches and unauthorized access to integrated systems.
Likely Case
Targeted data theft: an attacker lures a logged-in user to a page whose script calls the Danswer API with the victim's credentials and reads the responses (chat contents, keys, profile data). The attacker does not need the session token itself; the victim's browser attaches it.
If Mitigated
Limited impact when the origin allowlist is strict and the application refuses to reflect untrusted origins or to allow credentials for them. Network segmentation and strong authentication reduce other exposure but do not stop this attack on their own, because it runs inside the victim's own authenticated browser session.
🎯 Exploit Status
Exploitation requires the attacker to lure a victim to a malicious website while the victim has an active session with Danswer; the attacker's page then issues credentialed cross-origin requests to the API. Whether the browser lets that page read the responses depends entirely on how the server answers the Origin header, and the vulnerability is in that origin validation logic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.4.2 or later
Vendor Advisory: https://huntr.com/bounties/06a21857-e13f-4cf4-aa67-de11419a98c0
Restart Required: Yes. The fix is in application code, so the running service must be redeployed or restarted on the new version.
Instructions:
1. Update Danswer to version 1.4.2 or later using your deployment method (Docker, source, etc.).
2. Verify the CORS configuration now properly validates origin headers.
3. Test that cross-origin requests are correctly restricted.
🔧 Temporary Workarounds
Restrict CORS Origins
Manually configure CORS to allow only an explicit list of trusted origins instead of a wildcard or loose matching.
Set the CORS_ALLOWED_ORIGINS environment variable to the specific trusted domains (full origins, scheme and host); confirm the exact variable name for your version in the project's configuration reference.
Network Segmentation
Place Danswer behind a reverse proxy that enforces the origin allowlist itself, independent of the application.
Configure nginx/apache to emit Access-Control-Allow-Origin only for allowlisted origins and to strip any permissive CORS headers the upstream application sets, so the proxy's decision is the one the browser sees.
🧯 If You Can't Patch
- Enforce a strict origin allowlist at the web server or reverse proxy so that only trusted origins are ever reflected in Access-Control-Allow-Origin, regardless of what the application answers.
- Keep Danswer off untrusted networks and require strong authentication, but do not rely on these alone: the malicious page runs in the victim's browser, which already has network access and a live session. If sessions are cookie-based, setting SameSite=Lax or Strict on the session cookie keeps the browser from attaching it to cross-site requests, which blunts the attack even where CORS is still loose.
🔍 How to Verify
Check if Vulnerable:
Check whether you are running Danswer v1.4.1, then send requests to an authenticated API route with an Origin header you do not control (for example a made-up domain). The response is the problem if it reflects that Origin in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true; that pairing lets a hostile page read authenticated responses. A bare `*` is also a misconfiguration, though browsers refuse credentialed reads for `*`, so it exposes only unauthenticated data.
Check Version:
docker ps --format '{{.Names}} {{.Image}}' | grep -i danswer to read the image tag of the running containers (inspecting the danswer-ai/danswer:latest tag on disk only describes an image, not what is running), or query the application's version endpoint.
Verify Fix Applied:
After updating, repeat the same requests with an untrusted Origin and confirm the response carries no Access-Control-Allow-Origin for that origin; a browser then refuses the cross-origin read and reports a CORS error in its console. Requests from your real front-end origin must still succeed.
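An added verification helper, not part of the advisory or of Danswer: it sends a preflight and a plain GET to a URL with a foreign Origin and classifies the CORS reply using the same criteria as the check above. The attacker origin and the target URL are placeholders; point it at any authenticated API route of your own deployment.

```python
"""Probe a Danswer API URL with a foreign Origin and classify the CORS reply.

Added example, not part of the advisory or of Danswer. ATTACKER_ORIGIN and the
URL passed on the command line are placeholders; point it at any authenticated
API route of your own deployment.
"""
from __future__ import annotations

import sys
import urllib.error
import urllib.request

ATTACKER_ORIGIN = "https://attacker.example"  # placeholder: an origin that must never be trusted


def classify_cors(headers: dict[str, str], origin: str) -> str:
    """Classify a response to a request that carried `Origin: <origin>`.

    vulnerable  - Origin reflected and credentials allowed: a hostile page can
                  read authenticated responses in the victim's browser.
    reflected   - Origin reflected without credentials: only unauthenticated
                  responses are readable cross-origin.
    wildcard    - '*': browsers refuse credentialed reads for '*', so only
                  unauthenticated data is exposed.
    restricted  - no Access-Control-Allow-Origin for this origin: the browser
                  blocks the read.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == origin:
        return "vulnerable" if creds else "reflected"
    if acao == "*":
        return "wildcard"
    return "restricted"


def probe(url: str, origin: str = ATTACKER_ORIGIN, timeout: float = 10.0) -> dict[str, str]:
    """Send a preflight and a plain GET with the foreign Origin; classify both.

    A 4xx/5xx reply still carries CORS headers (an unauthenticated probe will
    usually get 401), so error responses are inspected rather than discarded.
    """
    results: dict[str, str] = {}
    for method, extra in (
        ("OPTIONS", {"Access-Control-Request-Method": "GET"}),
        ("GET", {}),
    ):
        req = urllib.request.Request(url, method=method, headers={"Origin": origin, **extra})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                headers = dict(resp.headers.items())
        except urllib.error.HTTPError as err:
            headers = dict(err.headers.items())
        results[method] = classify_cors(headers, origin)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://danswer.example.com/api/"  # placeholder URL
    for method, verdict in probe(target).items():
        print(f"{method:8} {verdict}")
```

Run it against the vulnerable version and the patched one: the pre-fix result for an authenticated route should read `vulnerable`, and post-fix `restricted` for the foreign origin while your real front-end origin still gets itself reflected.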
📡 Detection & Monitoring
Log Indicators:
- Preflight (OPTIONS) requests whose Origin header is outside your allowlist. The server never sees a CORS "failure", since the browser enforces the policy after the response arrives, so the signal is the Origin value itself, not a status code.
- Requests with suspicious origin headers
- Unusual API access patterns from unexpected domains
Network Indicators:
- Cross-origin requests to Danswer API endpoints from untrusted domains
- OPTIONS requests followed by successful data requests
SIEM Query:
source="danswer" AND http.headers.origin=* AND NOT http.headers.origin IN ("https://danswer.example.com")
Replace the IN list with your real front-end origins. `origin=*` here matches any request carrying an Origin header; a literal Origin value of "*" never occurs in practice, since browsers send a real origin or `null`. Add http.method="OPTIONS" to narrow to preflights, and treat a hit as confirmed only when the logged response reflected that origin in Access-Control-Allow-Origin.
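An added detection example, not part of the advisory or of Danswer, applying the log indicators above to access logs. It assumes the reverse proxy writes one JSON object per request including the request Origin and the response's Access-Control-Allow-Origin (nginx can log the latter with `$sent_http_access_control_allow_origin`); the field names, trusted origin, API paths and the log lines themselves are constructed placeholders.

```python
"""Detection over proxy access logs: flag cross-origin API hits that were
granted to untrusted Origins, and the preflight-then-data pattern.

Added example, not part of the advisory or Danswer. Field names, the trusted
origin, the API paths and every log line are constructed placeholders.
"""
from __future__ import annotations

import json

TRUSTED_ORIGINS = {"https://danswer.example.com"}  # placeholder for your real allowlist

# Constructed sample, not real traffic. "acao" is the response's
# Access-Control-Allow-Origin as logged by the proxy ("" when absent).
SAMPLE_LOG = """\
{"ts":"2024-08-20T10:00:01Z","origin":"https://danswer.example.com","method":"POST","path":"/api/chat","status":200,"acao":"https://danswer.example.com"}
{"ts":"2024-08-20T10:00:05Z","origin":"https://attacker.example","method":"OPTIONS","path":"/api/chat","status":200,"acao":"https://attacker.example"}
{"ts":"2024-08-20T10:00:05Z","origin":"https://attacker.example","method":"GET","path":"/api/chat","status":200,"acao":"https://attacker.example"}
{"ts":"2024-08-20T10:00:09Z","origin":"","method":"GET","path":"/api/health","status":200,"acao":""}
{"ts":"2024-08-20T10:00:12Z","origin":"https://other.example","method":"GET","path":"/api/keys","status":200,"acao":""}
"""


def parse_log(text: str) -> list[dict]:
    """One dict per non-empty JSON line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def cross_origin_alerts(events: list[dict], trusted: set[str] = TRUSTED_ORIGINS) -> list[dict]:
    """One alert per request with an untrusted Origin that the server granted.

    A grant means the response reflected that origin or answered '*'. An
    untrusted Origin with no grant (the other.example line) is noise: the
    browser blocked the read, which is the behaviour we want after the fix.
    """
    alerts = []
    for e in events:
        origin = e.get("origin") or ""
        if not origin or origin in trusted:
            continue
        acao = e.get("acao") or ""
        if acao == origin or acao == "*":
            alerts.append({
                "ts": e["ts"], "origin": origin, "method": e["method"],
                "path": e["path"], "reason": "cors-grant-to-untrusted-origin",
            })
    return alerts


def preflight_then_data(events: list[dict], trusted: set[str] = TRUSTED_ORIGINS) -> list[dict]:
    """Pair an OPTIONS preflight with a later successful non-OPTIONS request
    on the same path from the same untrusted origin, the network indicator
    the advisory describes. Events must be in time order."""
    seen_preflight: set[tuple[str, str]] = set()
    pairs = []
    for e in events:
        origin = e.get("origin") or ""
        if not origin or origin in trusted:
            continue
        key = (origin, e["path"])
        if e["method"] == "OPTIONS":
            seen_preflight.add(key)
        elif key in seen_preflight and 200 <= int(e["status"]) < 300:
            pairs.append({"origin": origin, "path": e["path"], "method": e["method"], "ts": e["ts"]})
    return pairs


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for a in cross_origin_alerts(events):
        print("ALERT", a)
    for p in preflight_then_data(events):
        print("PREFLIGHT+DATA", p)
```

Logging the response's Access-Control-Allow-Origin is what turns "someone sent an odd Origin" (constant background noise from scanners) into "the server actually granted it", which is the only condition under which data left the deployment.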