Submeter #778315: PromtEngineer localGPT Latest (commit 4d41c7d) Missing Authentication and Authorizationinformação

TítuloPromtEngineer localGPT Latest (commit 4d41c7d) Missing Authentication and Authorization
DescriçãoA complete lack of authentication and authorization mechanisms in localGPT allows any unauthenticated user to create, read, modify, and delete all sessions and messages without any credentials. An attacker can access sensitive conversation history containing confidential information such as database credentials, API keys, customer data, and proprietary business information. This vulnerability affects all API endpoints and represents a critical security failure that exposes all data stored in the system.
Fonte⚠️ https://github.com/August829/CVEP/issues/8
Utilizador
 Yu_Bao (UID 89348)
Submissão12/03/2026 03h44 (há 17 dias)
Moderação27/03/2026 14h49 (15 days later)
EstadoAceite
Entrada VulDB353887 [PromtEngineer localGPT até 4d41c7d1713b16b216d8e062e51a5dd88b20b054 API Endpoint backend/server.py LocalGPTHandler BaseHTTPRequestHandler Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!