CVE-2024-12869

Source
https://cve.org/CVERecord?id=CVE-2024-12869
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12869.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12869
Published
2025-03-20T10:11:19.807Z
Modified
2026-07-15T01:48:54.199202419Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Improper Authentication in infiniflow/ragflow
Details

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12869.json",
    "cwe_ids": [
        "CWE-306"
    ],
    "cna_assigner": "@huntr_ai"
}
References

Affected packages

Git / github.com/infiniflow/ragflow

Affected ranges

Type
GIT
Repo
https://github.com/infiniflow/ragflow
Events
Database specific
{
    "cpe": "cpe:2.3:a:infiniflow:ragflow:0.12.0:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "0.12.0"
        },
        {
            "last_affected": "0.12.0"
        }
    ]
}

Affected versions

0.*
0.12.0
v0.*
v0.12.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12869.json"