CVE-2024-7767
Published: 20 March 2025
Summary
CVE-2024-7767 is a high-severity Missing Authorization (CWE-862) vulnerability in Onyx Onyx. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 48.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access, directly preventing the first user from viewing, modifying, or deleting admin-created chats.
Implements least privilege to ensure the first user lacks unnecessary permissions over admin chats, mitigating unauthorized access and modifications.
Manages accounts to identify and restrict first-user privileges, preventing unintended elevation allowing admin chat manipulation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The improper access control flaw enables low-privileged (first) users to exploit the vulnerability for privilege escalation to manipulate admin chats (T1068), modify stored chat data (T1565.001), and delete chats causing data destruction (T1485).
NVD Description
An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss…
more
of data integrity, and potential compliance violations.
Deeper analysisAI
CVE-2024-7767 is an improper access control vulnerability (CWE-862) in danswer-ai/danswer version v0.3.94. It enables the first user created in the system to view, modify, and delete chats created by an Admin, potentially exposing sensitive information, compromising data integrity, and causing compliance issues. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and requirements for only low privileges.
An attacker with low-privileged access as the first user registered in the system can exploit this over the network without user interaction. Successful exploitation grants unauthorized viewing, modification, or deletion of Admin-created chats, leading to high-impact confidentiality breaches (e.g., access to sensitive data) and integrity violations (e.g., tampering with chat history), though availability remains unaffected.
Mitigation details are available in advisories published via Huntr, including at https://huntr.com/bounties/1425dada-72d8-4bd9-a3e7-2863bb3e1a6c. Security practitioners should review these for patch information or workarounds specific to danswer-ai/danswer v0.3.94 and upgrade promptly.
This issue affects an open-source AI-powered search and answering platform, highlighting access control risks in AI/ML deployments where user-generated chats may contain proprietary or sensitive data. No public evidence of real-world exploitation is noted as of the CVE publication on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Danswer (danswer-ai/danswer) is an open-source enterprise AI assistant for search and chat over knowledge bases, directly matching the 'Enterprise AI Assistants' category. The vulnerability involves improper access control to chats in this AI system.