Path Traversal Vulnerability in gaizhenbiao's ChuanhuChatGPT Application
CVE-2024-6090

7.5HIGH

Key Information:

Vendor: Gaizhenbiao
Status: Gaizhenbiao/chuanhuchatgpt
Vendor: CVE Published:; 27 June 2024

🔔 Create Gaizhenbiao Vulnerability Alert

What is CVE-2024-6090?

A path traversal vulnerability in ChuanhuChatGPT allows unauthenticated users to delete chat histories of other users, as well as any files with a .json extension on the server. This issue significantly affects the application's functionality, leading to potential denial of service for legitimate users who cannot access the system for authentication.

Affected Version(s)

gaizhenbiao/chuanhuchatgpt < 20240918

References

https://huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d...

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/526c...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2024

JSON