CVE-2023-34094 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2023-34094?

CVE-2023-34094 has a CVSS score of 7.5 (HIGH). This vulnerability allows unauthenticated attackers to access the config.json file in ChuanhuChatGPT deployments without authentication configured. This exposes API keys and other sensitive configuration data. Anyone running ChuanhuChatGPT versions 20230526 or earlier without authentication is affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to access the config.json file in ChuanhuChatGPT deployments without authentication configured. This exposes API keys and other sensitive configuration data. Anyone running ChuanhuChatGPT versions 20230526 or earlier without authentication is affected.

💻 Affected Systems

Products:

ChuanhuChatGPT

Versions: 20230526 and prior versions

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable when authentication is not configured. Default installations without authentication are vulnerable.

📦 What is this software?

Chuanhuchatgpt by Chuanhuchatgpt Project

View all CVEs affecting Chuanhuchatgpt →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal API keys, gain unauthorized access to LLM services, incur financial costs from API abuse, and potentially access other integrated services.

🟠

Likely Case

Unauthorized access to configuration files leading to API key theft and potential service abuse.

🟢

If Mitigated

No impact if proper authentication is configured or patched version is deployed.

🌐 Internet-Facing: HIGH - Internet-facing deployments without authentication are directly exploitable.

🏢 Internal Only: MEDIUM - Internal deployments still at risk from insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP request to access config.json file. No authentication bypass needed when auth is disabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit bfac445 and later

Vendor Advisory: https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8

Restart Required: Yes

Instructions:

1. Update to latest version from GitHub repository. 2. Pull commit bfac445 or later. 3. Restart the ChuanhuChatGPT service.

🔧 Temporary Workarounds

Enable Authentication

all

Configure access authentication for ChuanhuChatGPT deployment

Configure authentication in ChuanhuChatGPT settings or deployment configuration

🧯 If You Can't Patch

Implement network-level access controls to restrict access to ChuanhuChatGPT
Move config.json to protected directory with proper file permissions

🔍 How to Verify

Check if Vulnerable:

Check if config.json is accessible via HTTP without authentication. Try accessing /config.json or similar endpoints.

Check Version:

Check ChuanhuChatGPT version in interface or deployment configuration

Verify Fix Applied:

Verify config.json is no longer accessible without authentication and check version is post-commit bfac445.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to config.json
Multiple failed authentication attempts

Network Indicators:

HTTP requests to config.json endpoint from unauthorized sources

SIEM Query:

source="web_server" AND (uri="/config.json" OR uri LIKE "%/config.json") AND response_code=200

📊 Metadata

CVE ID: CVE-2023-34094

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-200

Published: June 2, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-34094, you might also want to check these: