CVE-2024-8143 in ChuanhuChatGPT
Summary
by MITRE • 10/29/2024
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 11/01/2024
The vulnerability identified in CVE-2024-8143 represents a critical authorization bypass flaw within the gaizhenbiao/chuanhuchatgpt application version 20240628. This issue stems from improper access control mechanisms implemented in the file handling endpoint, specifically the /file endpoint that governs user file operations. The application creates user-specific directories within a centralized history folder upon successful authentication, establishing a logical separation between user data. However, the vulnerability arises from the application's failure to properly validate user permissions when accessing files through the /file endpoint, creating a path traversal-like condition that allows authenticated users to navigate beyond their designated directory boundaries.
The technical implementation of this vulnerability demonstrates a classic lack of input validation and access control enforcement. When users authenticate to the system, the application generates unique directory structures named after each user within the shared history folder. The flaw occurs because the /file endpoint does not adequately verify that the requested file path belongs to the authenticated user's directory. Attackers can exploit this by manipulating the endpoint parameters to construct file paths that traverse to other users' directories, effectively bypassing the intended access controls. This represents a direct violation of the principle of least privilege and demonstrates poor sandboxing practices within the application's file access architecture.
The operational impact of this vulnerability extends beyond simple data exposure, creating significant privacy and security implications for all users of the affected system. An authenticated attacker can systematically enumerate user directories and access private chat histories belonging to other users, potentially exposing sensitive communications, personal information, or confidential data exchanged through the chat platform. The vulnerability affects the confidentiality aspect of the CIA triad, as it allows unauthorized data disclosure without requiring additional privileges or credentials. This type of information disclosure can lead to identity theft, social engineering attacks, or compromise of sensitive business communications, making it particularly dangerous in enterprise or healthcare environments where chat applications handle protected information.
From a cybersecurity framework perspective, this vulnerability maps directly to CWE-285 (Improper Authorization) and CWE-22 (Path Traversal) categories, with potential ATT&CK framework mappings to T1566 (Phishing) and T1078 (Valid Accounts) for exploitation scenarios. The weakness exists in the application's authorization enforcement mechanism, specifically in how it handles file access requests without proper user context validation. Mitigation strategies should include implementing robust input validation and access control checks at the /file endpoint, ensuring that all file access requests are properly authenticated and authorized against the requesting user's directory context. Additionally, the application should employ proper path sanitization techniques, implement directory traversal prevention measures, and enforce strict access controls that validate user permissions before granting file access. Regular security audits and automated vulnerability scanning should be implemented to identify similar authorization bypass vulnerabilities in other components of the application.