CVE-2024-3404

Name of the Vulnerable Software and Affected Versions gaizhenbiao/chuanhuchatgpt version 20240121

Description The issue is due to improper access control mechanisms, allowing an authenticated attacker to bypass intended access restrictions and read the history files of other users. This could lead to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the history path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files.

Recommendations For version 20240121, consider disabling access to the history path until a patch is available. Restrict access to the history files to minimize the risk of exploitation. Avoid using the history files in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.