Improper Access Control Vulnerability in Chuanhuchatgpt Could Lead to Data Breaches and Identity Theft
CVE-2024-4520
7.5 HIGH
What is CVE-2024-4520?
An improper access control vulnerability in the Gaizhenbiao/ChuanhuChatGPT application, specifically in version 20240410, poses serious risks to user privacy. Because access control over stored chat data is insufficient, any user on the server can read the chat history of other users without any interaction from those users. Exploitation may lead to significant data breaches, exposing sensitive personal details, financial data, and confidential conversations, and it opens avenues for identity theft and other fraudulent activity through unauthorized access to users' chat histories.
Affected Version(s)
gaizhenbiao/chuanhuchatgpt < 20240919
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published