High

chuanhuchatgpt

Unauthorized Chat History Access

A vulnerability in the chat application 'gaizhenbiao/chuanhuchatgpt' allows any user to access the chat history of any other user without any interaction. This issue affects version 20240410. There is no information provided on when or if this issue was patched.

Available publicly on Jun 04 2024

7.5

CVE:

CVE-2024-4520

CWE:

284:Improper Access Control

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

mnqazi
AssessDetect

Premium

Remediate
Remediation Steps
  • Update the application to the latest version, if a patch has been released.
  • Review and strengthen access control mechanisms to ensure that user data can only be accessed by authorized parties.
  • Implement rigorous authentication and authorization checks before serving any user data.
  • Regularly audit the application for security vulnerabilities and address any issues promptly.
  • Educate users about potential risks and encourage them to report any suspicious activity.
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.