إرسال #793554: zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Accessالمعلومات

عنوانzhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Access
الوصفThe chatgpt-on-wechat Web Console exposes all administrative HTTP endpoints without any form of authentication or authorization. The HTTP server default, making all endpoints accessible to any client on the network or internet. An unauthenticated attacker can read and modify application configuration (including API keys), connect/disconnect messaging channels, upload arbitrary files, read application logs, and access memory content.
المصدر⚠️ https://github.com/zhayujie/chatgpt-on-wechat/issues/2733
المستخدم
 Yu_Bao (UID 89348)
ارسال31/03/2026 12:14 PM (3 أشهر منذ)
الاعتدال11/04/2026 10:22 PM (11 days later)
الحالةتمت الموافقة
إدخال VulDB356990 [zhayujie chatgpt-on-wechat CowAgent 2.0.4 Administrative HTTP Endpoint توثيق ضعيف]
النقاط19

Do you know our Splunk app?

Download it now for free!