CVE-2024-4520

7.5 HIGH

📋 TL;DR

CVE-2024-4520 allows any user on a gaizhenbiao/chuanhuchatgpt server to access other users' chat histories without authorization. It affects all users of version 20240410 of the application. The vulnerability stems from improper access control in chat history data handling.

💻 Affected Systems

Products:
  • gaizhenbiao/chuanhuchatgpt
Versions: Version 20240410
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of version 20240410 regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass data breach exposing sensitive personal information, financial data, and confidential conversations, leading to identity theft, fraud, and reputational damage.

🟠 Likely Case

Unauthorized access to chat histories, exposing personal conversations and potentially sensitive information shared in chats.

🟢 If Mitigated

Proper access controls prevent unauthorized cross-user data access, maintaining chat privacy and data confidentiality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user access to the server but no special privileges or complex techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b

Vendor Advisory: https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b

Restart Required: Yes

Instructions:

1. Pull latest code from GitHub repository
2. Update to commit ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b or later
3. Restart the application service

🔧 Temporary Workarounds

Network Isolation

Platform: all

Restrict application access to trusted users only

Access Control Enhancement

Platform: all

Implement additional authentication/authorization layers

🧯 If You Can't Patch

  • Isolate the application to internal network only with strict user access controls
  • Implement application-level access control middleware to validate user permissions before serving chat data

🔍 How to Verify

Check if Vulnerable:

Check if running version 20240410 of gaizhenbiao/chuanhuchatgpt

Check Version:

Check git commit hash or application version in deployment configuration

Verify Fix Applied:

Verify application is running commit ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b or later
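
One way to carry out the "commit ... or later" check above, as an added example that is not part of the original advisory or the project's own code: a shell function that reports whether a git checkout's HEAD contains the fix commit. It assumes the deployment is a git checkout with full history; the function name `check_fix` and its exit codes are hypothetical.

```shell
#!/bin/sh
# Added example: does this checkout contain the CVE-2024-4520 fix commit?
# "Running the fix commit or later" means the fix commit is an ancestor of HEAD.
FIX_COMMIT="ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b"  # from the advisory

# check_fix REPO_DIR [COMMIT]   (hypothetical helper name)
# Returns 0 = fix present, 1 = fix missing, 2 = cannot determine.
# Usage: check_fix /path/to/checkout
check_fix() {
    repo="$1"
    commit="${2:-$FIX_COMMIT}"

    # Deployments from an archive or image have no git metadata to inspect.
    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "UNKNOWN: $repo is not a git checkout"
        return 2
    fi

    # A shallow clone or a stale fetch may not hold the commit object at all,
    # which says nothing either way about HEAD.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "UNKNOWN: commit $commit not in local history; fetch full history and retry"
        return 2
    fi

    head=$(git -C "$repo" rev-parse HEAD)
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD; then
        echo "PATCHED: HEAD $head contains $commit"
        return 0
    fi
    echo "VULNERABLE: HEAD $head does not contain $commit"
    return 1
}
```

A result of 0 only describes the code on disk; the running service still needs the restart listed under the fix instructions.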

📡 Detection & Monitoring

Log Indicators:

  • Unusual cross-user data access patterns
  • Multiple unauthorized chat history retrieval attempts

Network Indicators:

  • Excessive chat history API calls from single user
  • Unusual data transfer patterns

SIEM Query:

source="application_logs" AND (chat_history_access OR unauthorized_access) AND user_id!="current_user"
