Lucene search

@huntr_aiCVELIST:CVE-2024-6090

HistoryJun 27, 2024 - 6:40 p.m.

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

2024-06-2718:40:51

CWE-400

@huntr_ai

www.cve.org

cve-2024-6090

path traversal

vulnerability

gaizhenbiao/chuanhuchatgpt

chat histories

denial of service

authentication

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users’ chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to authenticate.

CNA Affected

[
  {
    "vendor": "gaizhenbiao",
    "product": "gaizhenbiao/chuanhuchatgpt",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

References

huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d84cf4c

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-6090