Severity: Medium

chuanhuchatgpt

Unauthorized Access to User Chat History via /file Endpoint

A vulnerability in the latest version (20240628) of ChuanhuChatGPT allows authenticated users to access other users' chat histories through the /file endpoint. This issue has not yet been patched.

Available publicly on Oct 14 2024

CVSS base score: 6.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Credit: winters0x64

Threat Overview

The vulnerability arises from improper access control in the /file endpoint, allowing authenticated users to access files in other users' directories. This can lead to unauthorized disclosure of sensitive information, as users can enumerate and read chat history files of other users by manipulating the file path in the request.

Attack Scenario

An attacker logs in as a legitimate user and obtains an authentication cookie. Using this cookie, the attacker sends a GET request to the /file endpoint with a path to another user's chat history file. The server responds with the contents of the file, allowing the attacker to read the other user's private chat history.
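The remediation this scenario calls for is to bind every /file lookup to the authenticated session rather than to the client-supplied path. The following is an added illustration, not ChuanhuChatGPT's own code; it assumes a layout of one directory per user under a history root, which is an assumption about the application, not something the advisory states.

```python
from pathlib import Path
from typing import Dict, Optional
import tempfile

# Added example (not the project's code). Assumed layout:
#   <history_root>/<username>/<file>.json, one directory per authenticated user.
# Ownership is decided from the session identity, never from the path the
# client sent, and anything resolving outside that user's directory is refused.


def authorize_history_read(history_root: Path, auth_user: str, requested: str) -> Optional[Path]:
    """Return the resolved file path if `auth_user` may read `requested`, else None.

    `requested` is the raw value taken from the /file request.
    """
    user_dir = (history_root / auth_user).resolve()
    # Joining an absolute `requested` replaces user_dir entirely; resolve() also
    # collapses any ../ components. Both cases are caught by the containment check.
    target = (user_dir / requested).resolve()
    if target == user_dir or not target.is_relative_to(user_dir):  # Python 3.9+
        return None  # points at another user's directory or escapes the tree
    if not target.is_file():
        return None
    return target


def demo() -> Dict[str, bool]:
    """Constructed two-user layout; reports which read attempts are permitted."""
    root = Path(tempfile.mkdtemp())
    for user in ("alice", "bob"):
        (root / user).mkdir()
        (root / user / "history.json").write_text('{"messages": []}')
    return {
        "own_file": authorize_history_read(root, "alice", "history.json") is not None,
        "other_user_via_traversal": authorize_history_read(root, "alice", "../bob/history.json") is not None,
        "other_user_absolute": authorize_history_read(root, "alice", str(root / "bob" / "history.json")) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The same containment check applies to any other endpoint that takes a file name from the client; logging every refused request gives a cheap detection signal for enumeration attempts.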

Who is affected

All users of the latest version (20240628) of ChuanhuChatGPT are affected, as any authenticated user can potentially access the chat history of any other user.
