7.5

CVE-2024-4520

Exploit

EPSS 0.16%
Veröffentlicht 04.06.2024 20:15:11
Zuletzt bearbeitet 15.10.2025 13:15:45
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gaizhenbiao ≫ Chuanhuchatgpt Version <= 20240410

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.37

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000

Third Party Advisory

Exploit

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b

https://nvd.nist.gov/vuln/detail/CVE-2024-4520

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4520

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4520

EUVD