Cyber Resilience

CVE-2024-9617

Severity: Medium
Published: 20 March 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1556 (94.8th percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-9617 is a medium-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability with a CVSS v3 base score of 6.5 (Medium). The vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) describes a network-reachable flaw that needs only a low-privileged account and no user interaction, with high confidentiality impact and no impact on integrity or availability.

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). Its EPSS score places it in the top 5.2% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The vulnerability is AI-related: the affected product is categorised as an LLM Application Platform, and the risk domain is Privacy and Disclosure.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement): decide whether the requester is allowed to see the requested object, and enforce that decision before the object is served.

Deeper analysis

CVE-2024-9617 is an insecure direct object reference (IDOR) flaw categorized under CWE-639 that affects the danswer-ai/danswer application at version 0.3.94. The vulnerability resides in the file-access logic, which fails to confirm that the requesting user is the owner of a given file before serving it through the GET /api/chat/file/{file_id} endpoint, thereby exposing any stored file to unauthorized retrieval.

An authenticated attacker with low-privileged access can exploit the issue by directly invoking the endpoint with arbitrary file identifiers. Successful exploitation grants read access to files belonging to other users: a confidentiality impact (CVSS 6.5) with no effect on integrity or availability. How far an attacker can get in practice depends on how guessable file identifiers are, which the report does not state; an unguessable identifier narrows enumeration but is not a substitute for the missing ownership check.

The EPSS score rose from a low baseline to a recorded peak of 0.1927 (current value 0.1556), indicating increased exploitation interest after public disclosure. The sole reference is a huntr.dev bounty report that documents the finding but supplies no additional mitigation guidance.


Vulnerability details

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.

CWE(s)

CWE-639 Authorization Bypass Through User-Controlled Key

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1083 File and Directory Discovery (tactic: Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1213.005 Messaging Applications (tactic: Collection)
Adversaries may leverage chat and messaging applications, such as Microsoft Teams, Google Chat, and Slack, to mine valuable information.
Why these techniques?

The IDOR vulnerability enables unauthorized access to any user's files via the chat API without ownership verification, facilitating file and directory discovery (T1083) and data collection from messaging/chat applications (T1213.005).
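As an added example (written for this page; it is not Danswer code and not from the bounty report), the two techniques above translate into two log-side signals a detection engineer can check. Rule 1 needs the file-ownership table: for this flaw, a 200 response on a file the requester does not own is direct evidence of exploitation (T1213.005). Rule 2 needs only the access log: one account touching many distinct file_id values in a short window, typically with a high 404 ratio from guessing (T1083). The log line format, user names, identifiers, ownership table and thresholds are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional

# Assumed access-log format for this example; Danswer's real log format is not shown on this page.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) method=GET "
    r"path=/api/chat/file/(?P<file_id>[^\s?/]+) status=(?P<status>\d{3})$"
)

# Constructed sample log: alice and bob fetch their own files; mallory walks file ids.
SAMPLE_LOG = """\
2025-03-21T10:00:01Z user=alice method=GET path=/api/chat/file/a1b2 status=200
2025-03-21T10:00:05Z user=alice method=GET path=/api/chat/file/c3d4 status=200
2025-03-21T10:00:30Z user=alice method=POST path=/api/chat/send-message status=200
2025-03-21T10:01:00Z user=bob method=GET path=/api/chat/file/e5f6 status=200
2025-03-21T10:02:00Z user=mallory method=GET path=/api/chat/file/0001 status=404
2025-03-21T10:02:03Z user=mallory method=GET path=/api/chat/file/0002 status=404
2025-03-21T10:02:06Z user=mallory method=GET path=/api/chat/file/0003 status=200
2025-03-21T10:02:09Z user=mallory method=GET path=/api/chat/file/0004 status=404
2025-03-21T10:02:12Z user=mallory method=GET path=/api/chat/file/0005 status=200
2025-03-21T10:02:15Z user=mallory method=GET path=/api/chat/file/0006 status=404
2025-03-21T10:02:18Z user=mallory method=GET path=/api/chat/file/0007 status=200
2025-03-21T10:02:21Z user=mallory method=GET path=/api/chat/file/0008 status=404
2025-03-21T10:02:24Z user=mallory method=GET path=/api/chat/file/0009 status=200
2025-03-21T10:02:27Z user=mallory method=GET path=/api/chat/file/0010 status=404
"""

# Constructed ownership table (file_id -> owner), as an audit job would export it.
OWNERS: Dict[str, str] = {"a1b2": "alice", "c3d4": "alice", "e5f6": "bob",
                          "0003": "alice", "0005": "bob", "0007": "alice", "0009": "alice"}


def parse(lines: Iterable[str]) -> List[dict]:
    """Keep only GET /api/chat/file/{file_id} events; other endpoints are irrelevant here."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "user": m["user"], "file_id": m["file_id"], "status": int(m["status"])})
    return events


def detect(events: List[dict], owners: Optional[Dict[str, str]] = None,
           window_s: int = 60, max_distinct: int = 8) -> List[dict]:
    alerts: List[dict] = []
    recent = defaultdict(deque)  # user -> (ts, file_id, status) tuples inside the sliding window
    fired = set()                # users already reported by the enumeration rule
    for ev in sorted(events, key=lambda e: e["ts"]):
        # Rule 1: successful read of a file the requester does not own (needs the ownership table).
        if owners is not None and ev["status"] == 200 and owners.get(ev["file_id"]) not in (None, ev["user"]):
            alerts.append({"rule": "cross_owner_read", "user": ev["user"], "file_id": ev["file_id"],
                           "owner": owners[ev["file_id"]], "ts": ev["ts"].isoformat()})
        # Rule 2: many distinct file ids from one account within the window (log-only).
        q = recent[ev["user"]]
        q.append((ev["ts"], ev["file_id"], ev["status"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = {fid for _, fid, _ in q}
        if len(distinct) >= max_distinct and ev["user"] not in fired:
            fired.add(ev["user"])
            alerts.append({"rule": "enumeration", "user": ev["user"], "distinct_ids": len(distinct),
                           "not_found": sum(1 for _, _, s in q if s == 404),
                           "first": q[0][0].isoformat(), "last": ev["ts"].isoformat()})
    return alerts


def run(lines: Iterable[str], owners: Optional[Dict[str, str]] = None) -> List[dict]:
    return detect(parse(lines), owners)


if __name__ == "__main__":
    for alert in run(SAMPLE_LOG.splitlines(), OWNERS):
        print(alert)
```

Rule 1 is precise but requires joining logs with application data; Rule 2 runs on the access log alone and is the one worth deploying first, tuned so that a user paging through their own chat attachments does not trip it.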

CVEs Like This One

CVE-2024-8613 (shared CWE-639)
CVE-2024-50693 (shared CWE-639)
CVE-2026-28696 (shared CWE-639)
CVE-2026-3453 (shared CWE-639)
CVE-2026-40981 (shared CWE-639)
CVE-2026-24901 (shared CWE-639)
CVE-2026-44400 (shared CWE-639)
CVE-2016-20033 (shared CWE-639)
CVE-2024-39033 (shared CWE-639)
CVE-2026-25197 (shared CWE-639)

Affected Assets

danswer-ai/danswer version 0.3.94

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Requires the application to enforce approved authorizations, directly preventing unauthorized access to files by verifying user ownership before serving contents via the API.

AC-24 Access Control Decisions (prevent)
Mandates access control decisions based on policy, such as confirming the requester is the file creator prior to disclosure.

AC-6 Least Privilege (prevent)
Employs least privilege to ensure users only access their own files, mitigating broad unauthorized read access across all files.
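To make the flaw described under Deeper analysis and the AC-3/AC-24 controls above concrete, here is an added example (illustrative code written for this page, not Danswer's own handler) modelling the GET /api/chat/file/{file_id} lookup: first the CWE-639 shape, where the file is fetched by id alone, then the hardened version that makes the authorization decision and enforces it before any content is returned. The data model, user and file identifiers, and function names are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


# Assumed data model for the example; the real project's schema is not shown on this page.
@dataclass(frozen=True)
class User:
    user_id: str
    is_admin: bool = False


@dataclass(frozen=True)
class StoredFile:
    file_id: str
    owner_id: str
    content: bytes


class NotFound(Exception):
    """The web layer would map this to HTTP 404."""


# Constructed sample data: two users, one file each.
FILES: Dict[str, StoredFile] = {
    "file-aaa": StoredFile("file-aaa", "alice", b"alice's quarterly report"),
    "file-bbb": StoredFile("file-bbb", "bob", b"bob's salary spreadsheet"),
}


def get_chat_file_vulnerable(requester: User, file_id: str) -> bytes:
    """CWE-639 shape: the key comes straight from the URL and the owner is never
    compared with the requester, so any authenticated user can read any file."""
    record = FILES.get(file_id)
    if record is None:
        raise NotFound(file_id)
    return record.content  # requester is never consulted


def get_chat_file(requester: User, file_id: str) -> bytes:
    """Hardened shape: the ownership decision (AC-24) is made and enforced (AC-3)
    on the record before any content leaves the handler. A file that exists but
    belongs to someone else is reported exactly like a missing one, so the
    endpoint cannot be used to confirm which ids exist."""
    record = FILES.get(file_id)
    authorized = record is not None and (record.owner_id == requester.user_id or requester.is_admin)
    if not authorized:
        raise NotFound(file_id)
    return record.content


def probe(handler: Callable[[User, str], bytes], requester: User,
          file_ids: List[str]) -> List[Tuple[str, int]]:
    """Replays an attacker's id enumeration against a handler and records the
    HTTP status each request would receive (200 or 404)."""
    results: List[Tuple[str, int]] = []
    for fid in file_ids:
        try:
            handler(requester, fid)
            results.append((fid, 200))
        except NotFound:
            results.append((fid, 404))
    return results


if __name__ == "__main__":
    ids = ["file-aaa", "file-bbb", "file-zzz"]
    print("vulnerable:", probe(get_chat_file_vulnerable, User("bob"), ids))
    print("hardened:  ", probe(get_chat_file, User("bob"), ids))
```

With a database-backed store, put the owner predicate in the query itself (the equivalent of WHERE id = ? AND owner_id = ?) rather than filtering after the fetch, so that a later call site cannot reintroduce the bug by forgetting the check.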

References

huntr.dev bounty report documenting the finding (the sole reference cited for this CVE)