CVE-2024-8029
📋 TL;DR
This Cross-Site Scripting (XSS) vulnerability in PrivateGPT allows attackers to upload malicious SVG files that execute JavaScript when clicked by victims. This affects users of PrivateGPT version 0.5.0 who can upload files through the application interface. The vulnerability enables attackers to steal user data, hijack sessions, distribute malware, or conduct phishing attacks.
💻 Affected Systems
- imartinez/privategpt
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover, sensitive data exfiltration, malware deployment across the organization, and credential theft leading to lateral movement.
Likely Case
Session hijacking leading to unauthorized access to PrivateGPT data, user credential theft, and potential phishing attacks against other users.
If Mitigated
Limited impact with proper file upload restrictions and content security policies in place, potentially only affecting individual user sessions.
🎯 Exploit Status
Exploitation requires user interaction (clicking on malicious file link) and access to upload functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.5.1 or later
Vendor Advisory: https://github.com/imartinez/privategpt/security/advisories
Restart Required: Yes
Instructions:
1. Update PrivateGPT to version 0.5.1 or later.
2. Restart the PrivateGPT service.
3. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Disable SVG file uploads
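Configure the application to reject SVG file uploads at the web server or application level.
# Configure web server (nginx example)
# This matches on the request URI, so it refuses requests for paths ending
# in .svg; it does not inspect the body of an upload request.
location ~* \.svg$ {
    deny all;
}
# Application-level restriction
# Modify file upload handler to reject SVG MIME types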
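One way to write the application-level check, as an added example that is not PrivateGPT's own code or its v0.5.1 fix. The function names (`reject_reason`, `looks_like_svg`) are hypothetical, and calling them from the upload handler before the file is stored is an assumption. The check goes beyond the declared MIME type because both the file name and the Content-Type are supplied by the uploader:

```python
import codecs
import re

SVG_EXTENSIONS = (".svg", ".svgz")
SVG_MIME_TYPES = {"image/svg+xml"}
SNIFF_BYTES = 4096  # only the head of the upload is inspected

_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
# First element start tag; "<?xml", "<!DOCTYPE" and "<!--" cannot match here.
_FIRST_ELEMENT = re.compile(r"<([A-Za-z_][\w.-]*:)?([A-Za-z_][\w.-]*)")


def _decode_head(data: bytes) -> str:
    """Decode the first bytes, honouring a UTF-16 BOM so '<svg' is not hidden."""
    head = data[:SNIFF_BYTES]
    if head.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return head.decode("utf-16", errors="replace")
    return head.decode("utf-8-sig", errors="replace")


def looks_like_svg(data: bytes) -> bool:
    """True if the first XML element in the upload is <svg>, with or without a prefix."""
    text = _COMMENT.sub("", _decode_head(data))
    match = _FIRST_ELEMENT.search(text)
    return bool(match) and match.group(2).lower() == "svg"


def reject_reason(filename: str, declared_type: str, data: bytes):
    """Return why the upload is refused, or None if it passes all three checks."""
    if filename.lower().rstrip(". ").endswith(SVG_EXTENSIONS):
        return "svg file extension"
    if declared_type.split(";")[0].strip().lower() in SVG_MIME_TYPES:
        return "svg declared content type"
    if looks_like_svg(data):
        return "svg document content"
    return None


if __name__ == "__main__":
    # Constructed sample uploads: (filename, declared Content-Type, body).
    benign_svg = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'
    samples = [
        ("logo.svg", "image/svg+xml", benign_svg),
        ("report.pdf", "application/pdf", benign_svg),  # renamed SVG
        ("notes.txt", "text/plain", b"plain notes"),
    ]
    for name, ctype, body in samples:
        print(name, "->", reject_reason(name, ctype, body) or "accepted")
```

The content check fails closed: any upload whose first element is `svg` is refused, whatever its name or declared type.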
Implement Content Security Policy
Add CSP headers to prevent inline script execution and restrict script sources.
# Add to web server configuration
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:;";
🧯 If You Can't Patch
- Implement strict file upload validation to reject SVG files and sanitize all uploaded content
- Deploy a WAF with XSS protection rules and implement network segmentation to limit access to PrivateGPT
🔍 How to Verify
Check if Vulnerable:
Check if running PrivateGPT version 0.5.0 and test if SVG files can be uploaded and executed via file links.
Check Version:
Check the PrivateGPT version in the web interface or run: python -c "import privategpt; print(privategpt.__version__)"
Verify Fix Applied:
Verify PrivateGPT version is 0.5.1 or later and test that SVG uploads are properly sanitized or rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads
- Multiple failed upload attempts
- Large number of file uploads from single IP
Network Indicators:
- HTTP requests with SVG file uploads to PrivateGPT endpoints
- Unusual outbound connections after file upload
SIEM Query:
source="privategpt.log" AND (file_extension="svg" OR mime_type="image/svg+xml")