CVE-2024-12880

Medium CVSS: 6.5

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and access API tokens of other tenants. This vulnerability affects the following endpoints: /v1/system/token_list, /v1/system/new_token, /v1/api/token_list, /v1/api/new_token, and /v1/api/rm. An attacker can exploit this to access other tenants' API tokens, perform actions on behalf of other tenants, and access their data.

Vendor

Infiniflow

Product

Ragflow

CWE

CWE-639

Yayın Tarihi

2025-03-20 10:15:31

Güncelleme

2025-10-15 13:15:41

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-639 Ragflow MEDIUM Infiniflow 2025

Referanslar

https://huntr.com/bounties/c41c7eaa-554a-408c-96be-9dba56113970

Benzer Kayıtlar

Critical

CVE-2026-24770

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions,…

High

CVE-2025-68700

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged aut…

High

CVE-2025-69286

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecu…

Medium

CVE-2025-51462

Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attack…

Critical

CVE-2025-48187

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against…

Medium

CVE-2024-12869

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view anot…