A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data.
The vulnerability results from insufficient input validation in the upload interface, which is classified as CWE-918. An attacker can submit a crafted request containing a URL pointing to internal infrastructure resources (e.g., cloud metadata, internal services, local administrative interfaces). The server processes such a request on its own side, acting as an intermediary and potentially exposing the response to the attacker. The exploit does not require authentication, user interaction, or special privileges.
An attacker can bypass access control mechanisms and gain access to sensitive data stored in internal network resources, including potentially confidential configurations, credentials, or services not directly accessible from the Internet. Depending on the environment, this can lead to complete compromise of system confidentiality, integrity, and availability (CVSS C:H/I:H/A:H).
Apply patches available from the vendor according to the references. It is recommended to update to a version newer than ChuanhuChatGPT-20240410-git.zip. Additionally, it is recommended to implement restrictive filtering rules for outgoing HTTP requests on the server side (allowlist of permitted domains/IP addresses) and network isolation of the application instance.
Gaizhenbiao ChuanhuChatGPT in versions <= ChuanhuChatGPT-20240410-git.zip
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGaizhenbiao Chuanhuchatgpt
APPGaizhenbiao20240410
Related vulnerabilities
Nadpisanie plików konfiguracyjnych w ChuanhuChatGPT (file overwrite)
Path Traversal i RCE w ChuanhuChatGPT — niezabezpieczone dane wejściowe
Tworzenie arbitralnych folderów na serwerze w ChuanhuChatGPT
Nieautoryzowany restart serwera w ChuanhuChatGPT poprzez endpoint /queue/join
Path traversal w ChuanhuChatGPT — dostęp do poufnych plików