PT-2023-24667 · Unknown · Chuanhuchatgpt

Aboutbo · Published 2023-06-02 · Updated 2023-06-16 · CVE-2023-34094

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ChuanhuChatGPT versions 20230526 and prior

Description

A vulnerability in ChuanhuChatGPT allows unauthorized access to the config.json file when authentication is not configured, potentially leading to the theft of API keys. Setting up access authentication can help mitigate this issue.

Recommendations

For versions 20230526 and prior, set up access authentication to mitigate the vulnerability. As a temporary workaround, consider restricting access to the config.json file until a patch is applied. The issue has been fixed in commit bfac445, so updating to a version that includes this commit will resolve the issue.
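
A local audit for the condition this entry describes (API keys stored while access authentication is off), as an added example that is not part of the original advisory or the project's code. It assumes config.json is plain JSON with logins in a "users" list of [username, password] pairs and the secret in "openai_api_key"; these key names are not given on this page, and the file-permission check is an added local reading of "restricting access".

```python
import json
import os
import stat
import tempfile

# Assumed key names (not given on this page): "users" holds [username, password]
# pairs and "openai_api_key" holds the secret. Adjust to match your config.json.
USERS_KEY = "users"
SECRET_KEYS = ("openai_api_key",)


def _is_login(pair):
    """True for a complete [username, password] pair of non-empty strings."""
    return (isinstance(pair, (list, tuple)) and len(pair) == 2
            and all(isinstance(x, str) and x.strip() for x in pair))


def audit_config(path):
    """Return findings for one config file; an empty list means none found."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    users = cfg.get(USERS_KEY)
    has_auth = isinstance(users, list) and any(_is_login(p) for p in users)
    has_secret = any(isinstance(cfg.get(k), str) and cfg[k].strip() for k in SECRET_KEYS)
    findings = []
    if not has_auth:
        findings.append("no-auth: access authentication is not configured")
        if has_secret:
            findings.append("exposed-secret: API key stored while authentication is off")
    # Local hardening: group and other users should not be able to read the file.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"loose-permissions: mode {mode:o}, expected 600")
    return findings


def audit_sample(cfg, mode):
    """Write a constructed config to a temporary file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(cfg, fh)
        os.chmod(path, mode)
        return audit_config(path)


if __name__ == "__main__":
    # Constructed sample: placeholder key, no users, world-readable file.
    print(audit_sample({"openai_api_key": "sk-PLACEHOLDER", "users": []}, 0o644))
```

Call `audit_config()` with the path to a deployment's own config.json; an empty list means authentication is configured and the file is not readable by other local users.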

Exploit

Fix

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-34094
GHSA-J34W-9XR4-M9P8

Affected Products

Chuanhuchatgpt