| 제목 | chatchat-space Langchain-Chatchat 0.3.1.3 Use of Insufficiently Random Values / CWE-330 |
|---|
| 설명 | A vulnerability was found in chatchat-space Langchain-Chatchat 0.3.1.3. Affected by this vulnerability is the function _get_file_id() of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py (lines 229–235) of the component File Identifier Generation. The manipulation leads to use of insufficiently random values. File identifiers are generated by base64-encoding the deterministic string {purpose}/{date}/{filename} (e.g., base64("assistants/2026-04-01/photo.png")) with no random component. An attacker who knows or can infer the upload date and filename can construct valid file_id values for any uploaded file without prior observation, enabling targeted read, overwrite, or deletion via the unauthenticated /v1/files/{file_id} endpoints. Common filenames combined with a 30-day date enumeration window require at most 120 requests to locate uploaded files. The attack may be initiated remotely. The exploit has been disclosed to the public. It is recommended to introduce a UUID4 random component into the file identifier generation logic. |
|---|
| 원천 | ⚠️ https://github.com/chatchat-space/Langchain-Chatchat/issues/5464 |
|---|
| 사용자 | Dem00 (UID 84913) |
|---|
| 제출 | 2026. 04. 19. AM 10:23 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 05. PM 12:21 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 361126 [chatchat-space Langchain-Chatchat 까지 0.3.1.3 Uploaded File openai_routes.py _get_file_id 약한 암호화] |
|---|
| 포인트들 | 20 |
|---|