Vulnerabilities > CVE-2024-3404 - Improper Access Control vulnerability in Gaizhenbiao Chuanhuchatgpt

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gaizhenbiao

CWE-284

NVD

Published: 2024-06-06

Updated: 2024-09-24

Summary

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.

Vulnerable Configurations

Part	Description	Count
Application	Gaizhenbiao Gaizhenbiao Chuanhuchatgpt - Gaizhenbiao Chuanhuchatgpt 20230303 Gaizhenbiao Chuanhuchatgpt 20230305 Gaizhenbiao Chuanhuchatgpt 20230307 Gaizhenbiao Chuanhuchatgpt 20230310 Gaizhenbiao Chuanhuchatgpt 20230314 Gaizhenbiao Chuanhuchatgpt 20230317 Gaizhenbiao Chuanhuchatgpt 20230320 Gaizhenbiao Chuanhuchatgpt 20230323 Gaizhenbiao Chuanhuchatgpt 20230327 Gaizhenbiao Chuanhuchatgpt 20230330 Gaizhenbiao Chuanhuchatgpt 20230405 Gaizhenbiao Chuanhuchatgpt 20230409 Gaizhenbiao Chuanhuchatgpt 20230413 Gaizhenbiao Chuanhuchatgpt 20230417 Gaizhenbiao Chuanhuchatgpt 20230422 Gaizhenbiao Chuanhuchatgpt 20230427 Gaizhenbiao Chuanhuchatgpt 20230502 Gaizhenbiao Chuanhuchatgpt 20230507 Gaizhenbiao Chuanhuchatgpt 20230513 Gaizhenbiao Chuanhuchatgpt 20230520 Gaizhenbiao Chuanhuchatgpt 20230526 Gaizhenbiao Chuanhuchatgpt 20230601 Gaizhenbiao Chuanhuchatgpt 20230614 Gaizhenbiao Chuanhuchatgpt 20230619 Gaizhenbiao Chuanhuchatgpt 20230628 Gaizhenbiao Chuanhuchatgpt 20230709 Gaizhenbiao Chuanhuchatgpt 20230719 Gaizhenbiao Chuanhuchatgpt 20230728 Gaizhenbiao Chuanhuchatgpt 20230809 Gaizhenbiao Chuanhuchatgpt 20230820 Gaizhenbiao Chuanhuchatgpt 20230830 Gaizhenbiao Chuanhuchatgpt 20230911 Gaizhenbiao Chuanhuchatgpt 20230916 Gaizhenbiao Chuanhuchatgpt 20230926 Gaizhenbiao Chuanhuchatgpt 20231006 Gaizhenbiao Chuanhuchatgpt 20231020 Gaizhenbiao Chuanhuchatgpt 20231110 Gaizhenbiao Chuanhuchatgpt 20231215 Gaizhenbiao Chuanhuchatgpt 20231223 Gaizhenbiao Chuanhuchatgpt 20240121 Gaizhenbiao Chuanhuchatgpt 20240305 Gaizhenbiao Chuanhuchatgpt 20240310 Gaizhenbiao Chuanhuchatgpt 20240410	44

Common Weakness Enumeration (CWE)

CWE-284 - Improper Access Control

Common Attack Pattern Enumeration and Classification (CAPEC)

Embedding Scripts within Scripts
An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699