CRITICAL🇵🇱 Wersja polska

CVE-2024-5982

CVSS 9.8v3.1pub. 2024-10-29upd. 2024-11-14

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.

🤖 AI Analysis
How it works

The problem occurs in three places: the load_chat_history function in modules/models/base_model.py allows uploading arbitrary files to the server through unsecured upload, which can lead to RCE. The get_history_names function in utils.py allows creating arbitrary directories in the file system. The load_template function in utils.py can be exploited to read the first column of CSV files, leading to data disclosure. The common cause of all three problems is improper sanitization of user input data before combining them with directory paths using os.path.join.

Impact

An unauthenticated remote attacker can upload arbitrary files to the server (which can consequently lead to RCE), create arbitrary directories in the file system, and read data from CSV files stored on the server.

Mitigation & patch

Apply patches available from the vendor according to references — the fix was introduced in commit 952fc8c3cbacead858311747cddd4bedcb4721d7 in the project's GitHub repository

Who is affected

Latest version of the gaizhenbiao/chuanhuchatgpt application (versions specified in vendor references)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gaizhenbiao Chuanhuchatgpt

    APP
    Gaizhenbiao
    < 20240918
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2024-5823CRITICAL9.1PL ✓ten sam produkt

Nadpisanie plików konfiguracyjnych w ChuanhuChatGPT (file overwrite)

CVE-2024-6036CRITICAL9.1PL ✓ten sam produkt

Nieautoryzowany restart serwera w ChuanhuChatGPT poprzez endpoint /queue/join

CVE-2024-6037CRITICAL9.1PL ✓ten sam produkt

Tworzenie arbitralnych folderów na serwerze w ChuanhuChatGPT

CVE-2024-5822CRITICAL9.8PL ✓ten sam produkt

SSRF w interfejsie upload ChuanhuChatGPT — dostęp do zasobów wewnętrznych

CVE-2024-3234CRITICAL9.8PL ✓ten sam produkt

Path traversal w ChuanhuChatGPT — dostęp do poufnych plików