CVE-2024-4520

Source
https://cve.org/CVERecord?id=CVE-2024-4520
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4520.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4520
Published
2024-06-04T19:40:44.543Z
Modified
2026-07-08T06:27:33.322909059Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Improper Access Control in gaizhenbiao/chuanhuchatgpt
Details

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4520.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/gaizhenbiao/chuanhuchatgpt

Affected ranges

Type
GIT
Repo
https://github.com/gaizhenbiao/chuanhuchatgpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20240410"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

Other
20230303
20230305
20230317
20230320
20230323
20230327
20230330
20230409
20230413
20230417
20230422
20230427
20230502
20230507
20230513
20230526
20230601
20230614
20230619
20230628
20230709
20230719
20230728
20230809
20230820
20230830
20230911
20230916
20230926
20231006
20231020
20231110
20231215
20231223
20240121
20240305
20240310
20240410
20240628
20240802
20240914
20240918
20240919
20240919-2
20240919-3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4520.json"