Medium

chuanhuchatgpt

Unauthorized Access to User Chat History via /file Endpoint

A vulnerability in the latest version (20240628) of ChuanhuChatGPT allows authenticated users to access other users' chat histories through the /file endpoint. This issue has not yet been patched.

Available publicly on Oct 14 2024

6.5

CVE:

CVE-2024-8143

CWE:

1057:Data Access Operations Outside of Expected Data Manager Component

CVSS:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Credit:

winters0x64
AssessDetect

Premium

Remediate
Remediation Steps
  • Implement access control checks to ensure that users can only access their own files.
  • Validate the file paths to prevent directory traversal attacks.
  • Update the /file endpoint to enforce stricter access permissions.
  • Regularly audit and test the application for similar vulnerabilities.
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.