SSRF Vulnerability in File Upload Section of privategpt version 0.5.0
CVE-2024-5186
What is CVE-2024-5186?
A Server-Side Request Forgery (SSRF) vulnerability is present in the file upload functionality of the imartinez/privategpt software. Attackers can exploit this vulnerability by manipulating the 'path' parameter during the file upload process, enabling them to send crafted requests and gain unauthorized access to services within the local network. This could potentially lead to the exposure of sensitive data, including access to critical internal servers and AWS metadata endpoints, thus posing a significant risk to the security of the affected systems.
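A mitigation sketch for the class of bug described above, added here as an example; it is not code from privategpt or from its fix. It assumes the client-supplied 'path' value ends up being fetched by the server as a URL, and the names `check_upload_path`, `is_internal` and the injectable `resolver` are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web fetches are legitimate


def _system_resolver(host):
    """Resolve host to the set of IP strings the server would connect to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def is_internal(ip_text):
    """True for any address that is not publicly routable
    (loopback, RFC 1918, link-local such as 169.254.169.254, etc.)."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:  # unwrap ::ffff:a.b.c.d before classifying
        ip = mapped
    return not ip.is_global


def check_upload_path(path, resolver=_system_resolver):
    """Return (allowed, reason) for a client-supplied 'path' value."""
    try:
        parts = urlsplit(path)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"  # blocks file://, gopher://, bare paths
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = resolver(host)
    except OSError:
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    # Reject if ANY resolved address is internal, so a name with mixed
    # public and private records cannot pass the check.
    for addr in sorted(addresses):
        if is_internal(addr):
            return False, f"internal address {addr}"
    return True, "ok"
```

The fetch that follows should connect to the address that was validated and should not follow redirects without re-running the check; otherwise a second DNS answer or a redirect can still reach an internal service.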

Affected Version(s)
imartinez/privategpt <= unspecified
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved
