CVE-2024-32881
Published: 26 April 2024
Summary
CVE-2024-32881 is a critical-severity Improper Authorization (CWE-285) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30656
Vulnerability details
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise…
more
of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Danswer is explicitly described as 'the AI Assistant connected to company's docs, apps, and people,' directly matching the Enterprise AI Assistants category.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables unauthorized network access to GET/SET Slack bot tokens, facilitating exploitation for credential access (T1212) and stealing application access tokens (T1528).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
Periodic reviews identify and correct flaws in authorization decisions or enforcement.
The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.
Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.
Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.
The control explicitly requires authorization of each wireless access type prior to permitting connections.
Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.
Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.