danswer Unauthenticated User Privilege Escalation Vulnerability Leading to Denial-of-Service
Vulnerability
A vulnerability in danswer-ai/danswer version 0.4.1 allows unauthenticated users to create credentials and link them to existing connectors. This issue arises because basic users can perform actions intended for admin users, potentially leading to excessive resource consumption and causing a Denial-of-Service (DoS) condition, along with other significant stability and security issues.
Impact
Exploitation of this vulnerability can cause excessive resource usage, leading to a Denial-of-Service condition and other serious stability and security problems.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
