CVE-2024-7962

7.5 HIGH

📋 TL;DR

An arbitrary file read vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows attackers to read sensitive files on the server by exploiting insufficient validation of prompt template file paths. This affects systems running the vulnerable version of this ChatGPT web interface software, potentially exposing credentials, code, and logs.

💻 Affected Systems

Products:
  • gaizhenbiao/chuanhuchatgpt
Versions: 20240628
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using the vulnerable version; the vulnerability requires specific file format criteria (non-.json files with comma-separated lines after first line).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of sensitive server files including configuration files with database credentials, API keys, and user data leading to full system takeover.

🟠 Likely Case

Exfiltration of sensitive configuration files, source code, and log files containing authentication tokens and user information.

🟢 If Mitigated

Limited exposure of non-sensitive files due to proper file permissions and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the huntr.com bounty report; exploitation requires knowledge of target file paths but is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 2836fd1db3efcd5ede63c0e7fbbdf677730dbb51

Vendor Advisory: https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2836fd1db3efcd5ede63c0e7fbbdf677730dbb51

Restart Required: Yes

Instructions:

1. Pull latest code from GitHub repository.
2. Apply commit 2836fd1db3efcd5ede63c0e7fbbdf677730dbb51.
3. Restart the chuanhuchatgpt service.

🔧 Temporary Workarounds

Restrict file access permissions

Platform: linux

Set strict file permissions to limit what files the application can read

chmod 600 sensitive_files/*
chown root:root sensitive_files/*

Network isolation

Platform: all

Place the application behind a reverse proxy with strict access controls

🧯 If You Can't Patch

  • Implement strict file system permissions to limit application access to only necessary directories
  • Deploy network segmentation and WAF rules to block suspicious file path patterns in requests

🔍 How to Verify

Check if Vulnerable:

Check if running version 20240628 by examining the codebase or checking the commit hash

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify commit 2836fd1db3efcd5ede63c0e7fbbdf677730dbb51 is applied in the codebase

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path patterns in application logs
  • Multiple failed attempts to access non-template files

Network Indicators:

  • HTTP requests containing absolute file paths in parameters
  • Patterns of requests trying to access known sensitive file locations

SIEM Query:

source="application.log" AND ("../../" OR "/etc/" OR "/home/") AND status=200
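
Added example, not part of the advisory or the project's code: the SIEM query above matches literal strings only, so percent-encoded or double-encoded paths slip past it. This sketch decodes parameter values before applying the same indicators (traversal sequences and absolute paths on successful requests). The log layout, the `/load` endpoint and the `name` parameter are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed log layout (not the application's real format): "<status> <method> <url>"
LINE_RE = re.compile(r"^(?P<status>\d{3}) (?P<method>[A-Z]+) (?P<url>\S+)$")
# ".." used as a path component, with either slash style
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
WINDOWS_ABS_RE = re.compile(r"^[A-Za-z]:[\\/]")

def normalise(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both become '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_value(value):
    """True if a parameter value looks like a traversal or an absolute file path."""
    v = normalise(value)
    return bool(TRAVERSAL_RE.search(v)) or v.startswith("/") or bool(WINDOWS_ABS_RE.match(v))

def scan(lines):
    """Return (status, url) for status-200 requests carrying a file-path-like parameter."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "200":
            continue  # mirrors the status=200 filter of the SIEM query
        query = urlsplit(m["url"]).query
        values = [v for _, v in parse_qsl(query, keep_blank_values=True)]
        if any(suspicious_value(v) for v in values):
            hits.append((int(m["status"]), m["url"]))
    return hits

# Constructed sample lines; endpoint and parameter name are hypothetical.
SAMPLE_LOG = [
    "200 GET /load?name=default.json",
    "200 GET /load?name=..%2F..%2Fconfig.json",
    "200 GET /load?name=%252Fetc%252Fhostname",
    "404 GET /load?name=/etc/hostname",
    "200 GET /load?name=notes/summary.csv",
]

if __name__ == "__main__":
    for status, url in scan(SAMPLE_LOG):
        print(status, url)
```

Relative template names such as `notes/summary.csv` are not flagged; only values that leave the expected directory or name an absolute location are.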
