Open Redirect Vulnerability in PrivateGPT by imartinez
CVE-2024-5936

6.1MEDIUM

Key Information:

Vendor: imartinez
Status: PrivateGPT
Vendor: CVE Published:; 27 June 2024

What is CVE-2024-5936?

An open redirect vulnerability in imartinez's PrivateGPT version 0.5.0 arises from inadequate handling of the 'file' parameter. Attackers can exploit this flaw to manipulate users into redirecting to malicious URLs as it lacks proper validation and sanitization. This vulnerability heightens the risk of phishing schemes, malware distribution, and potential theft of user credentials, making it critical for users to ensure their application is updated to mitigate these risks.

References

https://huntr.com/bounties/43f05c1e-d7b8-45e2-b1fe-48faf1...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2024