7.5
CVE-2024-4520
- EPSS 0.52%
- Veröffentlicht 04.06.2024 20:15:11
- Zuletzt bearbeitet 15.10.2025 13:15:45
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginImproper Access Control in gaizhenbiao/chuanhuchatgpt
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gaizhenbiao ≫ Chuanhuchatgpt Version <= 20240410
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.402 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@huntr.dev | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b