CVE-2024-8143 Vulnerability Details


CVE-2024-8143 Metadata Quick Info

CVE Published: 29/10/2024 | CVE Updated: 29/10/2024 | CVE Year: 2024
Source: @huntr_ai | Vendor: gaizhenbiao | Product: gaizhenbiao/chuanhuchatgpt
Status: PUBLISHED

CVE-2024-8143 Description

In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
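The missing control is a per-user ownership check on the requested path. The following is an added example, not code from chuanhuchatgpt or from the advisory, showing one way to write that check in Python. It assumes the `history/<username>` layout from the description; `may_read`, `demo`, the `app_dir` parameter and the sample tree are hypothetical and constructed for illustration.

```python
import tempfile
from pathlib import Path


def may_read(app_dir: Path, username: str, requested: str) -> bool:
    """Return True only if `requested` resolves to a path inside
    <app_dir>/history/<username>, the logged-in user's own directory."""
    root = (app_dir / "history").resolve()
    user_dir = (root / username).resolve()
    # The username is path input too: "", "..", or "alice/../bob" must not
    # turn the per-user directory into the root or someone else's directory.
    if user_dir.parent != root or user_dir.name != username:
        return False
    # resolve() collapses ".." and follows symlinks before the comparison;
    # joining with an absolute `requested` discards app_dir, which is intended.
    target = (app_dir / requested).resolve()
    return target != user_dir and target.is_relative_to(user_dir)  # Python 3.9+


def demo() -> dict:
    """Run the check over a constructed history tree with two users."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        for user in ("alice", "bob"):
            (app / "history" / user).mkdir(parents=True)
            (app / "history" / user / "chat.json").write_text("{}")
        requests = [
            "history/alice/chat.json",                    # own file
            "history/bob/chat.json",                      # another user's file
            "history/alice/../bob/chat.json",             # leaves own directory
            str(app / "history" / "bob" / "chat.json"),   # absolute path
            "history/alice",                              # the directory itself
        ]
        return {r.replace(str(app), "<app>"): may_read(app, "alice", r)
                for r in requests}


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {path}")
```

The decision is made on the resolved path and the session's username, never on the raw request string, so a request that merely contains the caller's own directory name does not pass.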

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1057
CWE Name: CWE-1057 Data Access Operations Outside of Expected Data Manager Component
Source: gaizhenbiao

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).