CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.
References
Link Resource
https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 Exploit Issue Tracking Patch Third Party Advisory
https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 Exploit Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:29

Type Values Removed Values Added
References () https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 - Exploit, Issue Tracking, Patch, Third Party Advisory

24 Sep 2024, 14:11

Type Values Removed Values Added
First Time Gaizhenbiao
Gaizhenbiao chuanhuchatgpt
CPE cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*
References () https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 - () https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 - Exploit, Issue Tracking, Patch, Third Party Advisory

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) En gaizhenbiao/chuanhuchatgpt, específicamente en la versión etiquetada como 20240121, existe una vulnerabilidad debido a mecanismos de control de acceso inadecuados. Esta falla permite a un atacante autenticado eludir las restricciones de acceso previstas y leer los archivos "historiales" de otros usuarios, lo que podría conducir a un acceso no autorizado a información confidencial. La vulnerabilidad está presente en el manejo del control de acceso de la aplicación para la ruta del "historial", donde no existe ningún mecanismo adecuado para evitar que un usuario autenticado acceda a los archivos del historial de chat de otro usuario. Este problema plantea un riesgo importante, ya que podría permitir a los atacantes obtener información confidencial del historial de chat de otros usuarios.

06 Jun 2024, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 19:16

Updated : 2024-11-21 09:29


NVD link : CVE-2024-3404

Mitre link : CVE-2024-3404

CVE.ORG link : CVE-2024-3404


JSON object : View

Products Affected

gaizhenbiao

  • chuanhuchatgpt
CWE
CWE-284

Improper Access Control