PT-2024-31478 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Published: 2024-06-04 · Updated: 2025-10-15 · CVE-2024-4520

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410

Description: An improper access control issue exists, allowing any user on the server to access the chat history of other users without interaction. This could lead to data breaches, exposing sensitive details, financial data, or confidential conversations, and facilitate identity theft, manipulation, or fraud due to insufficient access control mechanisms in handling chat history data.

Recommendations: For version 20240410, consider restricting access to chat history data until a patch is available. As a temporary workaround, disabling the feature that allows access to chat history may minimize the risk of exploitation. Additionally, reviewing and enhancing access control mechanisms in the application's handling of chat history data is recommended.

Exploit

Fix

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-4520

Affected Products

Gaizhenbiao/Chuanhuchatgpt