Improper Access Control Vulnerability in ChuanhuChatGPT Could Lead to Data Breaches and Identity Theft
CVE-2024-4520
What is CVE-2024-4520?
An improper access control vulnerability in the Gaizhenbiao/ChuanhuChatGPT application, specifically in version 20240410, poses serious risks to user privacy. The flaw lets any user on the server access the chat history of other users without any interaction. Exploitation may lead to significant data breaches, exposing sensitive personal details, financial data, and confidential conversations. Unauthorized access to users' chat histories also opens avenues for identity theft and other fraudulent activities. The root cause is insufficient access control in how chat data is managed.
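
The class of flaw described above, shown beside a hardened lookup. This is an added example, not ChuanhuChatGPT's code: the one-directory-per-user layout, the function names and the sample data are assumptions constructed for illustration.

```python
import os
import tempfile

class HistoryAccessError(PermissionError):
    """Raised when a caller requests chat history outside its own directory."""

def load_history_unchecked(root, history_name):
    # Weak pattern: the caller's identity is never consulted, so any
    # logged-in user can name any file under the shared history root.
    with open(os.path.join(root, history_name), encoding="utf-8") as fh:
        return fh.read()

def load_history_checked(root, session_user, history_name):
    # The owner comes from the authenticated session, never from the request.
    if session_user in ("", ".", "..") or os.path.basename(session_user) != session_user:
        raise HistoryAccessError("invalid session user")
    user_dir = os.path.realpath(os.path.join(root, session_user))
    # Resolve "..", absolute paths and symlinks before comparing.
    target = os.path.realpath(os.path.join(user_dir, history_name))
    if target == user_dir or os.path.commonpath([user_dir, target]) != user_dir:
        raise HistoryAccessError(f"{session_user!r} may not read {history_name!r}")
    with open(target, encoding="utf-8") as fh:
        return fh.read()

def demo():
    """Build a constructed two-user history tree and exercise both loaders."""
    root = tempfile.mkdtemp(prefix="histories_")
    for user, text in (("alice", "alice: private note"), ("bob", "bob: hello")):
        os.makedirs(os.path.join(root, user))
        with open(os.path.join(root, user, "chat1.json"), "w", encoding="utf-8") as fh:
            fh.write(text)
    results = {
        "unchecked_cross_user": load_history_unchecked(root, "alice/chat1.json"),
        "checked_own": load_history_checked(root, "bob", "chat1.json"),
    }
    # Constructed requests from bob that point at alice's history.
    attempts = {"traversal": "../alice/chat1.json",
                "absolute": os.path.join(root, "alice", "chat1.json")}
    for label, name in attempts.items():
        try:
            load_history_checked(root, "bob", name)
            results[label] = "read"
        except HistoryAccessError:
            results[label] = "denied"
    return results

if __name__ == "__main__":
    print(demo())
```

The checked loader fails closed: a request is served only when the resolved path stays inside the directory that belongs to the session's own user.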

Affected Version(s)
gaizhenbiao/chuanhuchatgpt < 20240919
