CVE-2024-8065
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in Danswer AI version 1.4.1 allows attackers to trick authenticated users into performing unauthorized actions through their browser. This affects all users of the vulnerable version who access the application while authenticated. Attackers can connect malicious Slack bots, invite users, delete chats, and perform other actions without the victim's knowledge.
💻 Affected Systems
- Danswer AI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could connect the victim's Danswer instance to a malicious Slack bot that exfiltrates sensitive data, delete all chat histories, or invite unauthorized users to access the system.
Likely Case
Attackers would use phishing emails or malicious websites to trick authenticated users into performing actions like connecting to attacker-controlled Slack bots or deleting specific chats.
If Mitigated
With proper CSRF protection, all unauthorized actions would be blocked, and users would be protected from these attacks.
🎯 Exploit Status
Exploitation requires the victim to be authenticated and visit a malicious website or click a malicious link. No authentication bypass is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after v1.4.1
Vendor Advisory: https://huntr.com/bounties/61b58753-af36-43fd-b1b9-f3019532dd08
Restart Required: No
Instructions:
1. Update Danswer AI to the latest version.
2. Verify that CSRF protection is implemented.
3. Test that unauthorized requests are properly rejected.
🔧 Temporary Workarounds
Implement CSRF Tokens
Add CSRF token validation to all state-changing endpoints
SameSite Cookie Attribute
Set SameSite=Strict or SameSite=Lax on session cookies to prevent CSRF
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with CSRF protection rules
- Require re-authentication for sensitive actions and use double-submit cookie pattern
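The token and SameSite workarounds above, as an added example that is not Danswer's own code: a double-submit cookie check combined with an Origin comparison for every state-changing method, plus a session cookie string carrying SameSite=Lax. The Request class, the header and cookie names, and the origin value are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical request model; field names are assumptions, not Danswer's API.
@dataclass
class Request:
    method: str
    origin: Optional[str]                   # Origin header, None if absent
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

ALLOWED_ORIGIN = "https://danswer.example"  # constructed value for the example
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # must not change server state

def issue_csrf_token() -> str:
    """Unguessable token set as a readable cookie and echoed back in a header."""
    return secrets.token_urlsafe(32)

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session: SameSite=Lax stops the browser from
    attaching it to cross-site POST/PUT/DELETE requests; HttpOnly keeps it
    away from script; Secure limits it to HTTPS."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"

def csrf_check(req: Request) -> tuple:
    """Return (allowed, reason). Reject state-changing requests whose Origin
    is not our own or whose header token does not match the token cookie.
    A cross-site page can neither read the cookie nor spoof Origin."""
    if req.method in SAFE_METHODS:
        return True, "safe method"
    if req.origin != ALLOWED_ORIGIN:
        return False, "origin mismatch"
    cookie_token = req.cookies.get("csrf_token", "")
    header_token = req.headers.get("X-CSRF-Token", "")
    # Constant-time comparison; empty cookie means no token was ever issued.
    if not cookie_token or not hmac.compare_digest(cookie_token, header_token):
        return False, "csrf token missing or mismatched"
    return True, "ok"
```

Log the returned reason on every rejection; a burst of "origin mismatch" or "csrf token missing" entries is the signal the Detection & Monitoring section below looks for.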
🔍 How to Verify
Check if Vulnerable:
Check whether the Danswer AI version is 1.4.1, and test whether state-changing endpoints accept requests that carry no CSRF token
Check Version:
Check the application version in the admin interface or configuration files
Verify Fix Applied:
Test that all POST/PUT/DELETE endpoints require valid CSRF tokens and reject requests without them
📡 Detection & Monitoring
Log Indicators:
- Multiple failed CSRF token validations
- Unauthorized Slack bot connection attempts
- Unexpected chat deletions or user invitations
Network Indicators:
- Requests to sensitive endpoints without Referer headers or CSRF tokens
- Outbound connections to unfamiliar Slack bot endpoints
SIEM Query:
source="danswer" AND (action="slack_connect" OR action="delete_chat" OR action="invite_user") AND csrf_token="null"