An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
References
Link | Resource |
---|---|
https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000 | Exploit Third Party Advisory |
History
11 Jun 2024, 17:02
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:* | |
First Time | Gaizhenbiao; Gaizhenbiao chuanhuchatgpt | |
References | () https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000 - Exploit, Third Party Advisory |
05 Jun 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
04 Jun 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-04 20:15
Updated : 2024-06-11 17:02
NVD link : CVE-2024-4520
Mitre link : CVE-2024-4520
CVE.ORG link : CVE-2024-4520
Products Affected
gaizhenbiao
- chuanhuchatgpt
CWE