CVE-2024-9216

High CVSS: 8.1

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user's username to the get_model function, thereby gaining unauthorized access to that user's chat history.

Vendor

Gaizhenbiao

Product

Chuanhuchatgpt

CWE

CWE-304

Yayın Tarihi

2025-03-20 10:15:47

Güncelleme

2025-08-01 18:15:03

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-304 Chuanhuchatgpt HIGH Gaizhenbiao 2025

Referanslar

https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd

Benzer Kayıtlar

Medium

CVE-2025-0188

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vu…

Medium

CVE-2025-0191

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914…

Medium

CVE-2024-9107

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version…

Medium

CVE-2024-9159

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability all…

High

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users'…

Medium

CVE-2024-8400

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulner…