CVE-2024-8143

29 Oct 2024

Título es

CVE-2024-8143

Mar, 29/10/2024 – 13:15

Tipo

CWE-1057

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-8143

Descripción en

In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.

29/10/2024

Vector CVSS:3.1

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b

https://huntr.com/bounties/71c5ea4b-524a-4173-8fd4-2fbabd69502e

Enviar en el boletín

Off

CVE-2024-8143

CVE-2024-8143

Jose Alexis Correa Valencia