55 matches found
CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...
PT-2024-28627 · Bert-Vits · Bert-Vits
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue is related to the data dir variable, where user input is concatenated with other folders and used to open a new file in the generate config function, leading to a limited file write...
CVE-2024-3234
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...
CVE-2024-3234 Path Traversal in gaizhenbiao/chuanhuchatgpt
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...
CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...
BIT-MATTERMOST-2022-1332
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...
CVE-2024-26136
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...
CVE-2024-26136
CVE-2024-26136 — kedi ElectronCord is a Discord bot-management tool. The issue arises from a commit that exposes an account access token in the config.json file, enabling potential unauthorized access or actions on behalf of the repository owner. Several connected sources corroborate token exposu...
kedi ElectronCord Security Vulnerability
kedi ElectronCord is a bot management tool for Discord. A security vulnerability exists in kedi ElectronCord that originates from allowing account access tokens to be exposed in the "config.json" file...
Insecure Deserialization
huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...
Design/Logic Flaw
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...
CVE-2023-34094
Summary: CVE-2023-34094 affects the ChuanhuChatGPT GUI for ChatGPT and related LLMs. A vulnerability in versions 20230526 and earlier allows an unauthenticated attacker to read the private config.json file, enabling theft of API keys stored there. The issue arises when authentication is not confi...
CVE-2023-34094 ChuanhuChatGPT vulnerable to unauthorized configuration file access
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...
Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
container-tools:rhel8 bug fix and enhancement update
An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...
GHSA-9W4V-9C99-HV7R Mattermost Server exposes sensitive information via its System Console UI
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information credential fields within config.json via the System Console UI...
Improper Privilege Management in Mattermost
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. Per the Mattermost security updates...
CVE-2022-1332
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...
CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...
CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...