Severity: High

chuanhuchatgpt

Unauthorized Access and Manipulation of User Chat Histories

A vulnerability in ChuanhuChatGPT version 20240802 allows attackers to access, copy, and delete other users' chat histories because of improper session handling and a lack of access control. The issue was patched in version 20240918.

Available publicly on Nov 05 2024

CVSS: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Credit: mnqazi

Remediation Steps
  • Update to version 20240918 or later.
  • Implement proper session handling to ensure that session data is correctly managed and isolated.
  • Introduce robust access control mechanisms to prevent unauthorized access to user data.
  • Conduct thorough security testing to identify and mitigate similar vulnerabilities.
  • Educate users on the importance of updating to the latest version to ensure they are protected from known vulnerabilities.
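
One way to enforce the per-user isolation that the session-handling and access-control steps above call for, as an added Python example that is not ChuanhuChatGPT's code or the patch commit: every load, copy and delete is resolved against the directory of the session's user, and anything that lands outside it is refused. The HistoryStore class, the <root>/<user>/<name>.json layout and the sample request in demo() are assumptions constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


class HistoryStore:
    def __init__(self, root):
        self.root = Path(root).resolve()

    def _path(self, user, name):
        # Assumed layout: <root>/<user>/<name>.json. `user` must come from
        # the server-side session, never from a field in the request.
        if not user or user in (".", "..") or Path(user).name != user:
            raise PermissionError("invalid session user")
        base = self.root / user
        base.mkdir(parents=True, exist_ok=True)
        target = (base / f"{name}.json").resolve()
        # Deny any name that resolves outside the caller's own directory.
        if target.parent != base:
            raise PermissionError(f"{user} may not access {name!r}")
        return target

    def save(self, user, name, text):
        self._path(user, name).write_text(text, encoding="utf-8")

    def load(self, user, name):
        return self._path(user, name).read_text(encoding="utf-8")

    def copy(self, user, src, dst):
        shutil.copyfile(self._path(user, src), self._path(user, dst))

    def delete(self, user, name):
        self._path(user, name).unlink()


def demo():
    """Constructed scenario: alice names bob's history in her requests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        store = HistoryStore(root)
        store.save("bob", "plans", "bob's chat")
        store.save("alice", "notes", "alice's chat")
        for op, extra in (("load", ()), ("copy", ("mine",)), ("delete", ())):
            try:
                getattr(store, op)("alice", "../bob/plans", *extra)
                results[op] = "allowed"
            except PermissionError:
                results[op] = "denied"
        results["bob_intact"] = store.load("bob", "plans") == "bob's chat"
        results["own"] = store.load("alice", "notes")
    return results
```
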
Patch Details
  • Fixed Version: 20240918
  • Patch Commit: https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/526c615c437377ee9c71f866fd0f19011910f705