Cyber Resilience

CVE-2024-9612

MediumPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
03 April 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0013 31.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9612 is a medium-severity Insufficient Isolation of System-Dependent Functions (CWE-1100) vulnerability in Onyx Onyx. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 31.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Other ATLAS/OWASP Terms risk domain.

EU & UK References

Vulnerability details

In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end…

more

interface. However, the back-end does not verify the visibility status of the search page. Consequently, attackers can directly call the API to access the functionalities provided by the search page, bypassing the visibility restriction set by the administrator.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1213 Data from Information Repositories Collection
Adversaries may leverage information repositories to mine valuable information.
Why these techniques?

The vulnerability enables exploitation of the remote Danswer API service (T1210) by bypassing front-end visibility restrictions, facilitating unauthorized access to search functionalities for collecting data from information repositories (T1213).

Affected Assets

onyx
onyx
0.3.94

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References