Improper Access Control
A vulnerability in the latest version (20240121) of a chat application allows authenticated users to access other users' chat history files due to insufficient access control mechanisms. This issue was identified in the application's authentication-enabled version, where an attacker could exploit this flaw to read sensitive chat history without authorization.
Available publicly on May 13 2024
Threat Overview
The core of the vulnerability lies in the application's failure to implement adequate access control checks for the history files of its users. Once a user is authenticated, the application does not verify whether the authenticated user has the right to access the requested chat history file. This oversight allows an attacker, who has legitimate access to their own account, to craft a request that retrieves the chat history of another user. The impact of this vulnerability is significant as it compromises the confidentiality of user interactions within the application.
Attack Scenario
An attacker, after authenticating as a legitimate user (e.g., john_doe), crafts a malicious HTTP GET request to access the chat history file of another user (e.g., jane_smith). The request includes the attacker's valid access-token cookie, which the application incorrectly accepts as authorization to access any history file. Consequently, the attacker retrieves sensitive chat history data intended only for jane_smith, violating user privacy and confidentiality.
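The missing check, shown beside a handler that performs it, as an added example that is not the application's own code. The token table, the `history/<user>/<file>` layout and all function names are assumptions made for illustration; the advisory does not describe how the application stores history files.

```python
import posixpath

# Constructed sample data (assumptions): access tokens and stored history files.
SESSIONS = {"tok-john": "john_doe", "tok-jane": "jane_smith"}
HISTORY = {
    "history/john_doe/chat1.json": "john's chat",
    "history/jane_smith/chat1.json": "jane's chat",
}


def authenticate(token):
    """Map an access-token cookie value to a username, or None if invalid."""
    return SESSIONS.get(token)


def get_history_unchecked(token, path):
    """Behaviour the advisory describes: authentication only, no ownership check."""
    if authenticate(token) is None:
        return 401, None
    if path not in HISTORY:
        return 404, None
    return 200, HISTORY[path]


def get_history_checked(token, path):
    """Authenticate, then authorize: the file must belong to the token's user."""
    user = authenticate(token)
    if user is None:
        return 401, None
    # Normalize before comparing so "../" segments cannot slip past the prefix test.
    normalized = posixpath.normpath(path)
    own_prefix = f"history/{user}/"
    # Deny anything outside the caller's own directory, whether or not it exists,
    # so the response does not reveal which other users have history files.
    if not normalized.startswith(own_prefix):
        return 403, None
    if normalized not in HISTORY:
        return 404, None
    return 200, HISTORY[normalized]
```

The ownership decision is derived from the server-side session, never from a username or path supplied in the request.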
Who is affected
All users of the application version 20240121 with authentication enabled are potentially affected by this vulnerability. Specifically, users whose chat history contains sensitive or private information are at risk of having that information exposed to unauthorized parties.