| Título | chatchat-space Langchain-Chatchat 0.3.1.3 Use of Insufficiently Random Values / CWE-330 |
|---|
| Descrição | A vulnerability was found in chatchat-space Langchain-Chatchat 0.3.1.3. Affected by this vulnerability is the function _get_file_id() of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py (lines 229–235) of the component File Identifier Generation. The manipulation leads to use of insufficiently random values. File identifiers are generated by base64-encoding the deterministic string {purpose}/{date}/{filename} (e.g., base64("assistants/2026-04-01/photo.png")) with no random component. An attacker who knows or can infer the upload date and filename can construct valid file_id values for any uploaded file without prior observation, enabling targeted read, overwrite, or deletion via the unauthenticated /v1/files/{file_id} endpoints. Common filenames combined with a 30-day date enumeration window require at most 120 requests to locate uploaded files. The attack may be initiated remotely. The exploit has been disclosed to the public. It is recommended to introduce a UUID4 random component into the file identifier generation logic. |
|---|
| Fonte | ⚠️ https://github.com/chatchat-space/Langchain-Chatchat/issues/5464 |
|---|
| Utilizador | Dem00 (UID 84913) |
|---|
| Submissão | 19/04/2026 10h23 (há 2 meses) |
|---|
| Moderação | 05/05/2026 12h21 (16 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 361126 [chatchat-space Langchain-Chatchat até 0.3.1.3 Uploaded File openai_routes.py _get_file_id Encriptação fraca] |
|---|
| Pontos | 20 |
|---|