| タイトル | chatchat-space Langchain-Chatchat 0.3.1.3 Use of Insufficiently Random Values / CWE-330 |
|---|
| 説明 | A vulnerability was found in chatchat-space Langchain-Chatchat 0.3.1.3. Affected by this vulnerability is the function _get_file_id() of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py (lines 229–235) of the component File Identifier Generation. The manipulation leads to use of insufficiently random values. File identifiers are generated by base64-encoding the deterministic string {purpose}/{date}/{filename} (e.g., base64("assistants/2026-04-01/photo.png")) with no random component. An attacker who knows or can infer the upload date and filename can construct valid file_id values for any uploaded file without prior observation, enabling targeted read, overwrite, or deletion via the unauthenticated /v1/files/{file_id} endpoints. Common filenames combined with a 30-day date enumeration window require at most 120 requests to locate uploaded files. The attack may be initiated remotely. The exploit has been disclosed to the public. It is recommended to introduce a UUID4 random component into the file identifier generation logic. |
|---|
| ソース | ⚠️ https://github.com/chatchat-space/Langchain-Chatchat/issues/5464 |
|---|
| ユーザー | Dem00 (UID 84913) |
|---|
| 送信 | 2026年04月19日 10:23 (2 月 ago) |
|---|
| モデレーション | 2026年05月05日 12:21 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 361126 [chatchat-space Langchain-Chatchat 迄 0.3.1.3 Uploaded File openai_routes.py _get_file_id 弱い暗号化] |
|---|
| ポイント | 20 |
|---|