PT-2024-19255 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Published: 2024-04-10 · Updated: 2025-07-29 · CVE-2024-2217

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

gaizhenbiao/chuanhuchatgpt (affected versions not specified)

Description

The issue is related to improper access control, allowing unauthorized access to the config.json file. This affects both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (OpenAI API key, Google PaLM API key, XMChat API key, etc.), configuration details, and user credentials. The problem stems from the application's handling of HTTP requests for the config.json file, which does not properly restrict access based on user authentication.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
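Since no fixed version is listed, reviewing web access logs for successful responses to config.json requests shows whether the file has already been served. The following is an added example, not code from this advisory or from the project; it assumes Combined Log Format access logs from a reverse proxy in front of the application, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Combined Log Format, as written by a reverse proxy in front of the app.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# config.json as a standalone file name anywhere in the decoded request target.
NAME_RE = re.compile(r'(?<![\w.-])config\.json(?![\w.-])', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2024:09:12:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Apr/2024:09:13:44 +0000] "GET /config.json HTTP/1.1" 200 1843 "-" "curl/8.5.0"',
    '198.51.100.23 - - [10/Apr/2024:09:13:50 +0000] "GET /config%2Ejson HTTP/1.1" 403 153 "-" "curl/8.5.0"',
    '192.0.2.15 - alice [10/Apr/2024:09:20:02 +0000] "GET /assets/myconfig.json HTTP/1.1" 200 210 "-" "Mozilla/5.0"',
    '192.0.2.15 - alice [10/Apr/2024:09:21:10 +0000] "GET /config.json?t=1 HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
]

def find_exposures(lines):
    """Return log entries where a request for config.json received a 2xx response."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        decoded = unquote(m["target"])  # normalise percent-encoding before matching
        if NAME_RE.search(decoded) and m["status"].startswith("2"):
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "target": m["target"],
                # The advisory covers both modes, so both are reported; this flag is context.
                "authenticated": m["user"] != "-",
                "bytes": m["size"],
            })
    return hits

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(hit)
```

Any hit means the keys and credentials stored in config.json should be treated as disclosed and rotated.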

Exploit

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2024-2217

Affected Products

Gaizhenbiao/Chuanhuchatgpt