1. Home
  2. CVE Database
  3. CVE-2024-12869
MEDIUM · 4.3

CVE-2024-12869

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal ...

Vulnerability Description

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
InfiniflowRagflow0.12.0

Related Weaknesses (CWE)

CWE-306

References

FAQ

What is CVE-2024-12869?

CVE-2024-12869 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal ...

How severe is CVE-2024-12869?

CVE-2024-12869 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12869?

Check the references section above for vendor advisories and patch information. Affected products include: Infiniflow Ragflow.