PT-2023-24667 · Unknown · Chuanhuchatgpt

Aboutbo · Published 2023-06-02 · Updated 2023-06-16 · CVE-2023-34094

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ChuanhuChatGPT versions 20230526 and prior

Description: A vulnerability in ChuanhuChatGPT allows unauthorized access to the config.json file when authentication is not configured, potentially leading to the theft of API keys. Setting up access authentication can help mitigate this issue.

Recommendations: For versions 20230526 and prior, set up access authentication to mitigate the vulnerability. As a temporary workaround, consider restricting access to the config.json file until a patch is applied. The issue has been fixed in commit bfac445, so updating to a version that includes this commit will resolve the issue.

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-34094
GHSA-J34W-9XR4-M9P8

Affected Products

Chuanhuchatgpt