CVE-2024-9617
Published: 20 March 2025
Summary
CVE-2024-9617 is a medium-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability with a CVSS base score of 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). The CVE ranks in the top 5.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2024-9617 is an insecure direct object reference (IDOR) flaw, categorized under CWE-639, in danswer-ai/danswer version 0.3.94. The file-access logic behind GET /api/chat/file/{file_id} does not confirm that the requesting user owns the file before serving it, so any stored file can be retrieved by supplying its identifier.
An authenticated attacker with low privileges exploits the issue by calling the endpoint directly with arbitrary file identifiers. Successful exploitation gives read access to other users' files: a confidentiality impact, rated CVSS 6.5, with no effect on integrity or availability.
The EPSS score rose from a low baseline to a recorded peak of 0.1927 (current value 0.1556), indicating increased exploitation interest after public disclosure. The sole reference is a huntr.dev bounty report that documents the finding but provides no additional mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6859
Vulnerability details
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any file. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.
- CWE(s): CWE-639 (Authorization Bypass Through User-Controlled Key)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The IDOR enables unauthorized access to any user's files through the chat API without ownership verification. That supports File and Directory Discovery (T1083), since a low-privileged account can walk file identifiers to learn what is stored, and data collection from messaging/chat applications (T1213.005), since the retrieved content is the users' chat uploads.
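As an added detection example (not part of the original advisory, and not danswer's logging format): a sliding-window count of distinct file_id values per user against the GET /api/chat/file/{file_id} path, which is what identifier walking through this IDOR looks like in access logs. The log line layout, the sample entries, the user names and the threshold are constructed assumptions; the regex must be adapted to the real reverse-proxy or application log.

```python
"""Added detection example for file_id enumeration via /api/chat/file/{file_id}.

Not danswer's code or log format. The line layout (timestamp, user, method,
path, status), the sample entries and the threshold are constructed
assumptions; adapt the regex to the real reverse-proxy or application log.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterator, List, Tuple

# Assumed access-log layout; only the chat file endpoint is matched.
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET "
    r"/api/chat/file/(?P<file_id>[^/\s?]+) (?P<status>\d{3})$"
)

# Constructed sample: alice and carol fetch one file each; bob walks the id space.
SAMPLE_LOG = """\
2025-03-20T10:00:01Z user=alice GET /api/chat/file/f-1001 200
2025-03-20T10:00:05Z user=bob GET /api/chat/file/f-1002 200
2025-03-20T10:00:06Z user=bob GET /api/chat/file/f-1001 200
2025-03-20T10:00:07Z user=bob GET /api/chat/file/f-1003 200
2025-03-20T10:00:08Z user=bob GET /api/chat/file/f-1004 200
2025-03-20T10:00:09Z user=bob GET /api/chat/file/f-1005 200
2025-03-20T10:00:10Z user=bob GET /api/chat/file/f-1006 200
2025-03-20T10:30:00Z user=carol GET /api/chat/file/f-2001 200
"""

Event = Tuple[datetime, str, str, int]


def parse(log: str) -> Iterator[Event]:
    """Yield (timestamp, user, file_id, status) for lines that hit the endpoint."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            yield ts, m["user"], m["file_id"], int(m["status"])


def find_enumerators(
    log: str, threshold: int = 5, window: timedelta = timedelta(minutes=5)
) -> Dict[str, List[str]]:
    """Flag users that touch more than `threshold` distinct file_ids within `window`.

    Status codes are deliberately ignored: on the vulnerable version every
    probe returns 200, on a fixed version a burst of 403/404s is the signal,
    and the distinct-id count catches both.
    """
    per_user: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, user, file_id, _status in sorted(parse(log)):
        per_user[user].append((ts, file_id))

    flagged: Dict[str, List[str]] = {}
    for user, hits in per_user.items():
        start = 0
        for end in range(len(hits)):
            # Advance the window start so hits[start:end+1] spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {file_id for _, file_id in hits[start : end + 1]}
            if len(distinct) > threshold:
                flagged[user] = sorted(distinct)
                break
    return flagged


if __name__ == "__main__":
    # {'bob': ['f-1001', 'f-1002', 'f-1003', 'f-1004', 'f-1005', 'f-1006']}
    print(find_enumerators(SAMPLE_LOG))
```

The threshold and window are tuning knobs: a legitimate user opening a handful of their own attachments in a session should stay under them, while an identifier walk across other users' files crosses them in seconds. Because status codes are not part of the condition, the same rule keeps working after the ownership check is deployed, when the walk shows up as a run of refusals instead of a run of 200s.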
Affected Assets
- danswer-ai/danswer v0.3.94
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): requires the application to enforce approved authorizations, which here means verifying that the requester owns the file before the API serves its contents.
- AC-24 (Access Control Decisions): mandates that access decisions be made against policy, such as confirming the requester is the file's creator before disclosure.
- Least privilege: ensures users can read only their own files, so a single authenticated account cannot read every file in the store.
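The ownership check these controls describe, as an added example (not danswer's own code): a stand-in for the GET /api/chat/file/{file_id} handler, first as the flaw described in the deeper analysis (the supplied key is trusted as-is, CWE-639) and then with the AC-3/AC-24 check enforced. The in-memory store, the ChatFile record, the user ids and the function names are assumptions made for illustration.

```python
"""Added example: the ownership check missing in the described IDOR.

Not danswer's own code. The in-memory store, the ChatFile record, the user
ids and the handler names are assumptions made for illustration; the real
endpoint is GET /api/chat/file/{file_id} as the advisory states.
"""
from dataclasses import dataclass
from typing import Dict


class AccessDenied(Exception):
    """Raised when the requester must not see the file (maps to an HTTP error)."""


@dataclass(frozen=True)
class ChatFile:
    file_id: str
    owner_id: str
    content: bytes


# Constructed sample store: two users, one upload each.
FILES: Dict[str, ChatFile] = {
    "f-1001": ChatFile("f-1001", "alice", b"alice's upload"),
    "f-1002": ChatFile("f-1002", "bob", b"bob's upload"),
}


def get_file_vulnerable(requester_id: str, file_id: str) -> bytes:
    """Mirror of the flaw: the caller is authenticated, but the key is trusted (CWE-639)."""
    return FILES[file_id].content  # no check that requester_id owns file_id


def get_file(requester_id: str, file_id: str) -> bytes:
    """Hardened: enforce ownership before disclosure (NIST 800-53 AC-3 / AC-24).

    A file that does not exist and a file owned by someone else produce the
    same refusal, so the endpoint cannot be used to enumerate valid ids.
    """
    record = FILES.get(file_id)
    if record is None or record.owner_id != requester_id:
        raise AccessDenied(file_id)
    return record.content


def probe(requester_id: str, file_id: str) -> str:
    """Walkthrough helper: 'ok' or 'denied' for the hardened path."""
    try:
        get_file(requester_id, file_id)
        return "ok"
    except AccessDenied:
        return "denied"


if __name__ == "__main__":
    # The attacker (bob) reads alice's file through the vulnerable path ...
    print(get_file_vulnerable("bob", "f-1001"))  # b"alice's upload"
    # ... and is refused by the hardened path, as is a probe for a bogus id.
    print(probe("bob", "f-1001"), probe("bob", "f-9999"), probe("alice", "f-1001"))  # denied denied ok
```

Returning the same refusal for a missing file and for someone else's file is deliberate: a 404-versus-403 difference would let a low-privileged account learn which file ids exist even after the ownership check is in place. In a real web handler the requester_id comes from the authenticated session or user dependency, never from the request path or body, otherwise the check is only another user-controlled key.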