What is the severity of CVE-2024-12869?

CVE-2024-12869 is classified as a medium severity vulnerability due to its potential to cause privacy breaches.

How do I fix CVE-2024-12869?

To fix CVE-2024-12869, update to the latest version of infiniflow/ragflow that patches the improper authentication flaw.

What does CVE-2024-12869 affect?

CVE-2024-12869 affects infiniflow/ragflow version v0.12.0 and earlier versions.

Can CVE-2024-12869 lead to data exposure?

Yes, CVE-2024-12869 can lead to unauthorized access to another user's invite list, resulting in potential data exposure.

Is there a workaround for CVE-2024-12869 until a fix is applied?

Currently, there are no known workarounds for CVE-2024-12869; users should upgrade to a fixed version as soon as possible.

Vulnerability/
CVE-2024-12869

medium

4.3

CWE

287

20/3/2025

1/4/2025

CVE-2024-12869: Improper Authentication in infiniflow/ragflow

First published: Thu Mar 20 2025(Updated: )

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
RAGFlow
RAGFlow	=0.12.0

Never miss a vulnerability like this again

Reference Links

https://huntr.com/bounties/768b1a56-1e79-416a-8445-65953568b04a

Frequently Asked Questions

What is the severity of CVE-2024-12869?
CVE-2024-12869 is classified as a medium severity vulnerability due to its potential to cause privacy breaches.
How do I fix CVE-2024-12869?
To fix CVE-2024-12869, update to the latest version of infiniflow/ragflow that patches the improper authentication flaw.
What does CVE-2024-12869 affect?
CVE-2024-12869 affects infiniflow/ragflow version v0.12.0 and earlier versions.
Can CVE-2024-12869 lead to data exposure?
Yes, CVE-2024-12869 can lead to unauthorized access to another user's invite list, resulting in potential data exposure.
Is there a workaround for CVE-2024-12869 until a fix is applied?
Currently, there are no known workarounds for CVE-2024-12869; users should upgrade to a fixed version as soon as possible.

agent/references
agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/author
agent/source
agent/tags
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/event
collector/nvd-api
source/NVD
vendor/infiniflow
canonical/ragflow
version/ragflow/0.12.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.