提出 #793554: zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Access情報

タイトルzhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Access
説明The chatgpt-on-wechat Web Console exposes all administrative HTTP endpoints without any form of authentication or authorization. The HTTP server default, making all endpoints accessible to any client on the network or internet. An unauthenticated attacker can read and modify application configuration (including API keys), connect/disconnect messaging channels, upload arbitrary files, read application logs, and access memory content.
ソース⚠️ https://github.com/zhayujie/chatgpt-on-wechat/issues/2733
ユーザー
 Yu_Bao (UID 89348)
送信2026年03月31日 12:14 (3 月 ago)
モデレーション2026年04月11日 22:22 (11 days later)
ステータス承諾済み
VulDBエントリ356990 [zhayujie chatgpt-on-wechat CowAgent 2.0.4 Administrative HTTP Endpoint 弱い認証]
ポイント19

Do you know our Splunk app?

Download it now for free!