CVE-2023-34094

Source
https://cve.org/CVERecord?id=CVE-2023-34094
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34094.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34094
Aliases
  • GHSA-j34w-9xr4-m9p8
Published
2023-06-02T15:19:45.596Z
Modified
2026-07-08T06:23:29.567049649Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
ChuanhuChatGPT vulnerable to unauthorized configuration file access
Details

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34094.json",
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/gaizhenbiao/chuanhuchatgpt

Affected ranges

Type
GIT
Repo
https://github.com/gaizhenbiao/chuanhuchatgpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20230526"
        }
    ]
}

Affected versions

Other
20230303
20230305
20230317
20230320
20230323
20230327
20230330
20230409
20230413
20230417
20230422
20230427
20230502
20230507
20230513
20230526

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34094.json"