CVE-2024-10956
📋 TL;DR
CVE-2024-10956 is a Cross-Site WebSocket Hijacking vulnerability in GPT Academy version 3.83 that allows attackers to hijack WebSocket connections between users and the server. This enables unauthorized actions like deleting conversation history without user consent. Users of GPT Academy version 3.83 are affected.
💻 Affected Systems
- GPT Academy
📦 What is this software?
Gpt Academic by Binary Husky
⚠️ Risk & Real-World Impact
Worst Case
Attackers could perform any WebSocket-authorized actions as the victim, potentially including data manipulation, unauthorized access to conversations, or disruption of service.
Likely Case
Attackers hijack WebSocket sessions to delete or manipulate user conversation history without authorization.
If Mitigated
With proper WebSocket authentication and origin validation, the vulnerability is prevented and only authorized users can establish WebSocket connections.
🎯 Exploit Status
Exploitation requires the attacker to trick a victim into visiting a malicious website while authenticated to GPT Academy.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.83
Vendor Advisory: https://huntr.com/bounties/0f8403ad-5f60-4eb9-9f51-8fbd2e41eda4
Restart Required: No
Instructions:
1. Update to the latest version of GPT Academy from the binary-husky/gpt_academic repository.
2. Verify WebSocket connections now require proper authentication and origin validation.
🔧 Temporary Workarounds
Implement WebSocket Origin Validation
Add server-side validation to check WebSocket handshake Origin headers against allowed domains.
Add WebSocket Authentication Tokens
Require authentication tokens in WebSocket connection requests that are validated server-side.
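The two workarounds above combined into one handshake gate, as an added illustration that is not code from the GPT Academy project. The allowlist, the token value and the `X-WS-Token` header name are constructed placeholders; a real deployment would issue the token per session and would normally check it via a cookie-less channel such as a query parameter or subprotocol.

```python
import hmac
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

# Constructed deployment values (placeholders, not GPT Academy's own configuration).
ALLOWED_ORIGINS = {"https://gpt.example.com", "https://gpt.example.com:8443"}
EXPECTED_TOKEN = "constructed-session-token-0123456789abcdef"


def normalize_origin(origin: str) -> Optional[str]:
    """Canonicalise an Origin value to scheme://host[:port]; None if malformed."""
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # covers the literal "null" origin and bare hostnames
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        return None  # a genuine Origin header carries no path, query or credentials
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port in (None, default):
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def handshake_allowed(headers: Dict[str, str],
                      allowed: Iterable[str] = ALLOWED_ORIGINS,
                      expected_token: str = EXPECTED_TOKEN) -> bool:
    """Gate a WebSocket upgrade on (1) an exact-match Origin allowlist and
    (2) a per-session token, so a page on another site cannot reuse the
    victim's ambient cookies to open the socket (the hijack the advisory describes)."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False
    origin = h.get("origin")
    if origin is None:
        return False  # browsers always send Origin on a WebSocket handshake
    canon = normalize_origin(origin)
    allowed_set = {normalize_origin(a) for a in allowed} - {None}
    # Exact match only: a prefix or substring check would accept
    # "https://gpt.example.com.attacker.test".
    if canon is None or canon not in allowed_set:
        return False
    token = h.get("x-ws-token", "")  # hypothetical header name for the session token
    return hmac.compare_digest(token, expected_token)
```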
🧯 If You Can't Patch
- Disable WebSocket functionality if not required
- Restrict access to GPT Academy to trusted networks only
🔍 How to Verify
Check if Vulnerable:
Check if running GPT Academy version 3.83 and test if WebSocket connections accept requests without proper origin validation or authentication.
Check Version:
Check the version in the GPT Academy interface or repository configuration files.
Verify Fix Applied:
Test WebSocket connections to ensure they now require proper authentication tokens and validate origin headers.
📡 Detection & Monitoring
Log Indicators:
- Unusual WebSocket connection patterns
- WebSocket requests from unexpected origins
- Multiple failed WebSocket authentication attempts
Network Indicators:
- WebSocket traffic from unauthorized domains
- Suspicious WebSocket handshake patterns
SIEM Query:
WebSocket connections where origin header does not match allowed domains OR where authentication tokens are missing