CVE-2024-8143 — MEDIUM (4.3)

Vulnerability Description

In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gaizhenbiao	Chuanhuchatgpt	2024-06-28

Related Weaknesses (CWE)

CWE-1057

References

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e7Patch
https://huntr.com/bounties/71c5ea4b-524a-4173-8fd4-2fbabd69502eExploitThird Party Advisory

FAQ

What is CVE-2024-8143?

CVE-2024-8143 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a ...

How severe is CVE-2024-8143?

CVE-2024-8143 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8143?

Check the references section above for vendor advisories and patch information. Affected products include: Gaizhenbiao Chuanhuchatgpt.