Infiniflow Ragflow Improper Authentication Vulnerability Allowing Unauthorized Access to User Invite Lists

Vulnerability

An improper authentication vulnerability has been identified in Infiniflow Ragflow version 0.12.0. This vulnerability allows users to access and view another user's invite list, potentially leading to unauthorized exposure of personal information such as email addresses and usernames. Such data leakage could be exploited for phishing or spam attacks, causing a loss of trust and possible regulatory complications.

Impact

Exploitation of this vulnerability could result in unauthorized access to personal information on invite lists, including email addresses and usernames, leading to privacy breaches and potential phishing or spam attacks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.