cnvd - cnvd-2025-06184

CNVD-2025-06184

Vulnerability from cnvd - Published: 2025-03-31

Title

ChuanhuChatGPT安全绕过漏洞

Description

ChuanhuChatGPT是一款应用程序，为ChatGPT等多种LLM提供了一个轻快好用的Web图形界面和众多附加功能。 ChuanhuChatGPT存在安全绕过漏洞，该漏洞源于用户名通过客户端HTTP请求提供，攻击者可利用此漏洞导致身份验证绕过，读取和删除其他用户的聊天记录。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd

Reference

https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd

Impacted products

Name
ChuanhuChatGPT ChuanhuChatGPT 3856d4f

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-9216",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-9216"
    }
  },
  "description": "ChuanhuChatGPT\u662f\u4e00\u6b3e\u5e94\u7528\u7a0b\u5e8f\uff0c\u4e3aChatGPT\u7b49\u591a\u79cdLLM\u63d0\u4f9b\u4e86\u4e00\u4e2a\u8f7b\u5feb\u597d\u7528\u7684Web\u56fe\u5f62\u754c\u9762\u548c\u4f17\u591a\u9644\u52a0\u529f\u80fd\u3002\n\nChuanhuChatGPT\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u540d\u901a\u8fc7\u5ba2\u6237\u7aefHTTP\u8bf7\u6c42\u63d0\u4f9b\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\uff0c\u8bfb\u53d6\u548c\u5220\u9664\u5176\u4ed6\u7528\u6237\u7684\u804a\u5929\u8bb0\u5f55\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-06184",
  "openTime": "2025-03-31",
  "products": {
    "product": "ChuanhuChatGPT ChuanhuChatGPT 3856d4f"
  },
  "referenceLink": "https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd",
  "serverity": "\u9ad8",
  "submitTime": "2025-03-27",
  "title": "ChuanhuChatGPT\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2024-9216 (GCVE-0-2024-9216)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-03-20 18:08

Summary

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user's username to the get_model function, thereby gaining unauthorized access to that user's chat history.

Severity ?

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-304 - Missing Critical Step in Authentication

Assigner

@huntr_ai

References

URL

Tags

https://huntr.com/bounties/21e54c3f-e2d7-423b-989…

Impacted products

	Vendor	Product	Version
	gaizhenbiao	gaizhenbiao/chuanhuchatgpt	Affected: unspecified , ≤ latest (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9216",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T18:07:35.308318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:08:04.051Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gaizhenbiao/chuanhuchatgpt",
          "vendor": "gaizhenbiao",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users\u0027 chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user\u0027s username to the get_model function, thereby gaining unauthorized access to that user\u0027s chat history."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-304",
              "description": "CWE-304 Missing Critical Step in Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:11:38.173Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd"
        }
      ],
      "source": {
        "advisory": "21e54c3f-e2d7-423b-9890-1f0cb99af4dd",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass in gaizhenbiao/ChuanhuChatGPT"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-9216",
    "datePublished": "2025-03-20T10:11:38.173Z",
    "dateReserved": "2024-09-26T16:30:21.273Z",
    "dateUpdated": "2025-03-20T18:08:04.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-06184

CVE-2024-9216 (GCVE-0-2024-9216)

Tags

Sightings

Nomenclature