CVE-2024-9617
Published: 20 March 2025
Summary
CVE-2024-9617 is an uncategorised-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability. Its CVSS base score is N/A.
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Requires the application to enforce approved authorizations, directly preventing unauthorized access to files by verifying user ownership before serving contents via the API.
- AC-24 (Access Control Decisions): Mandates access control decisions based on policy, such as confirming the requester is the file creator prior to disclosure.
- Employs least privilege to ensure users only access their own files, mitigating broad unauthorized read access across all files.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The IDOR vulnerability enables unauthorized access to any user's files via the chat API without ownership verification, facilitating file and directory discovery (T1083) and data collection from messaging/chat applications (T1213.005).
NVD Description
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.
Deeper analysis
CVE-2024-9617 is an Insecure Direct Object Reference (IDOR) vulnerability, classified under CWE-639, affecting danswer-ai/danswer version 0.3.94. The flaw occurs because the application fails to verify whether a requesting user is the creator of a file before serving its contents. Specifically, attackers can directly invoke the GET /api/chat/file/{file_id} endpoint with any file identifier to access files belonging to other users.
Any authenticated user within the danswer-ai/danswer environment can exploit this vulnerability by supplying an arbitrary file_id in the API request, bypassing access controls. Successful exploitation grants unauthorized read access to sensitive files uploaded by other users, potentially exposing confidential data depending on what was stored.
The primary advisory is documented on Huntr at https://huntr.com/bounties/8f683ff6-3a99-41c6-b763-a8f7b73bd146, which details the issue reported via their bug bounty program. No specific patch or mitigation steps are outlined in the provided CVE information.
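The missing check described above, shown as an added example that is not Danswer's own code: a minimal in-memory model of the file endpoint, with the vulnerable lookup beside a hardened one that enforces ownership before serving the file. The store, file ids, user ids and function names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class StoredFile:
    owner_id: str
    content: bytes


# Constructed stand-in for the application's file table (assumed names/values).
FILES: Dict[str, StoredFile] = {
    "f-1001": StoredFile(owner_id="alice", content=b"alice's quarterly report"),
    "f-1002": StoredFile(owner_id="bob", content=b"bob's meeting notes"),
}


class NotFound(Exception):
    """Raised for both a missing file and a file the caller may not read."""


def get_file_vulnerable(file_id: str, requester_id: str) -> bytes:
    """Mirrors the CVE-2024-9617 pattern: the handler resolves the
    user-controlled file_id and returns the content. The authenticated
    requester is never compared with the file's creator, so any user can
    read any file whose id they supply."""
    stored = FILES.get(file_id)
    if stored is None:
        raise NotFound(file_id)
    return stored.content  # requester_id is ignored: this is the flaw


def is_owner(file_id: str, requester_id: str) -> bool:
    """Access control decision (AC-24): is the requester the file's creator?"""
    stored = FILES.get(file_id)
    return stored is not None and stored.owner_id == requester_id


def get_file_hardened(file_id: str, requester_id: str) -> bytes:
    """Access enforcement (AC-3): serve the file only to its creator.
    A file the caller does not own is reported exactly like a missing one,
    so the response does not confirm that the id exists."""
    if not is_owner(file_id, requester_id):
        raise NotFound(file_id)
    return FILES[file_id].content
```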
Details
- CWE(s): CWE-639 (Authorization Bypass Through User-Controlled Key)
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Danswer (danswer-ai/danswer) is an open-source enterprise AI search and chat assistant platform, fitting the Enterprise AI Assistants category.