Vulnerability Description
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gaizhenbiao | Chuanhuchatgpt | <= 20240410 |
Related Weaknesses (CWE)
References
- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e7
- https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000ExploitThird Party Advisory
- https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000ExploitThird Party Advisory
FAQ
What is CVE-2024-4520?
CVE-2024-4520 is a vulnerability with a CVSS score of 7.5 (HIGH). An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat his...
How severe is CVE-2024-4520?
CVE-2024-4520 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-4520?
Check the references section above for vendor advisories and patch information. Affected products include: Gaizhenbiao Chuanhuchatgpt.