Cyber Resilience

CVE-2024-32881

Critical

Published: 26 April 2024

Published
26 April 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-32881 is a critical-severity Improper Authorization (CWE-285) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.

EU & UK References

Vulnerability details

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise…

more

of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Danswer is explicitly described as 'the AI Assistant connected to company's docs, apps, and people,' directly matching the Enterprise AI Assistants category.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1528 Steal Application Access Token Credential Access
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
Why these techniques?

The vulnerability enables unauthorized network access to GET/SET Slack bot tokens, facilitating exploitation for credential access (T1212) and stealing application access tokens (T1528).

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-285

Documented procedures facilitate correct implementation and ongoing management of authorization decisions.

addresses: CWE-285

Periodic reviews identify and correct flaws in authorization decisions or enforcement.

addresses: CWE-285

The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.

addresses: CWE-285

Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.

addresses: CWE-285

Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.

addresses: CWE-285

The control explicitly requires authorization of each wireless access type prior to permitting connections.

addresses: CWE-285

Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.

addresses: CWE-285

Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.

References