Description

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user's username to the get_model function, thereby gaining unauthorized access to that user's chat history.

INFO

Published Date :

2025-03-20T10:11:38.173Z

Last Modified :

2025-03-20T18:08:04.051Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9216 vulnerability.

Vendors Products
Gaizhenbiao
  • Chuanhuchatgpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9216.

URL Resource
https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact