cvedb.io
CVE-2024-8143
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2024-10-29T13:15:10.750 · Last modified 2026-06-17T08:21:59.170

Summary

In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.

Affected products

gaizhenbiao — chuanhuchatgpt

Does this affect you?

Add your gear to cvedb and we'll alert you only when gaizhenbiao ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.