Lucene search

@huntr_aiVULNRICHMENT:CVE-2024-6090

HistoryJun 27, 2024 - 6:40 p.m.

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

2024-06-2718:40:51

CWE-400

@huntr_ai

github.com

path traversal vulnerability

gaizhenbiao/chuanhuchatgpt

version 20240410

unauthorized users

delete

chat histories

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users’ chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to authenticate.

CNA Affected

[
  {
    "vendor": "gaizhenbiao",
    "product": "gaizhenbiao/chuanhuchatgpt",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

References

huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d84cf4c

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-6090