Platform: python
Component: chuanhuchatgpt
CVE-2024-6255 is a path traversal vulnerability in the gaizhenbiao/chuanhuchatgpt project. User-supplied file paths are not validated before a JSON file is deleted, so an attacker can delete JSON files outside the intended directory, including the application's configuration files, and take the application down. All versions of chuanhuchatgpt prior to the latest are affected. A fix is expected from the vendor.
The primary impact of CVE-2024-6255 is that an attacker can delete any JSON file the chuanhuchatgpt process has permission to remove, including the application's own configuration files config.json and ds_config_chatbot.json. Removing configuration data is a denial of service: the application cannot start or serve requests correctly until the files are restored from backup. The flaw is a deletion primitive only; it does not let the attacker write files, so configuration values cannot be replaced with attacker-controlled ones through this bug alone. What the attacker can also reach is any other JSON the process can delete, such as other users' saved chat histories, which the application stores in the same format. Every unpatched, reachable instance is exposed.
CVE-2024-6255 was publicly disclosed on 2024-07-31. There is currently no indication of active exploitation campaigns targeting this vulnerability, and it is not listed in the CISA KEV catalog as of this writing. No public proof-of-concept exploit is known, but the bug is easy to trigger (a crafted file name in an ordinary request), so one may appear at any time.
Anyone running chuanhuchatgpt is exposed, most of all instances reachable from the internet or running without authentication. Multi-user instances deserve particular attention: the delete primitive is not confined to the requesting user's own files, so one user can disrupt the service for everyone else on the same instance.
• python / server:
find /path/to/chuanhuchatgpt -name '*.json' -type f -mmin -60   # JSON files modified in the last hour; a deleted config.json will not appear here, so also confirm the critical files still exist
• generic web:
curl -I --path-as-is 'http://your-chuanhuchatgpt-server/../../../../etc/passwd'   # sends the traversal sequence literally (without --path-as-is curl collapses the '..' segments before sending); this only checks whether a WAF rule fires on traversal patterns, it does not exercise this CVE, which deletes JSON files rather than reading them
Disclosure
EPSS: 3.86% (88th percentile)
The recommended mitigation for CVE-2024-6255 is to upgrade to a patched version of chuanhuchatgpt as soon as it becomes available. Until then, reduce what a successful request can do: run the application as a dedicated, unprivileged user, and keep its configuration files in a directory that this user cannot write to. Note that on POSIX systems the right to delete a file comes from write permission on the parent directory, not on the file itself, so making config.json read-only does not stop deletion; the directory has to be protected (or the files made immutable with chattr +i on Linux). Watch the configuration files with an audit rule (for example an auditd watch on the directory) and alert on unlink events from the application user. A WAF does not fix the underlying bug, but it can block requests containing traversal sequences such as ../ and their URL-encoded forms in the relevant parameters.
Update to a patched version that validates JSON file paths correctly. If no such version is available, review and fix the code so that every file path is validated and cannot traverse out of the intended directory, and restrict access to the critical configuration files with appropriate access controls.
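The fix advice above comes down to one check: a user-supplied name must not be able to resolve outside the directory the application means to operate on. The following is an added example, not chuanhuchatgpt's own code or its actual patch. It assumes a layout in which per-user chat histories live as JSON files under a history directory and are deleted by name; the function names, the directory layout and the sample files are constructed for the demonstration. The vulnerable function shows the pattern behind this class of bug, the hardened one rejects traversal before and after canonicalising the path.

```python
"""Path-traversal file deletion: vulnerable pattern next to a hardened one.

Added example; not code from the chuanhuchatgpt project. The history directory
layout and the function names are assumptions for the demonstration.
"""
import os
import tempfile


def delete_history_vulnerable(history_dir: str, name: str) -> bool:
    """Vulnerable pattern: the user-controlled name is joined onto the
    directory without validation. '..' segments walk out of history_dir and
    os.path.join discards history_dir entirely when name is absolute."""
    path = os.path.join(history_dir, name + ".json")
    if os.path.isfile(path):
        os.remove(path)
        return True
    return False


def safe_json_path(base_dir: str, name: str) -> str:
    """Return the canonical path of <name>.json inside base_dir or raise.

    Two layers: the name must be a single path component (no separators, so
    '../x', 'a/b' and absolute paths are rejected before touching the file
    system), and the resolved path must still lie under the resolved base.
    realpath() collapses '..' and follows symlinks, so a symlink planted inside
    base_dir that points at config.json is also rejected.
    """
    if not name or name != os.path.basename(name):
        raise ValueError(f"invalid history name: {name!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name + ".json"))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes history directory: {name!r}")
    return candidate


def delete_history_hardened(history_dir: str, name: str) -> bool:
    """Same operation as the vulnerable version, but through safe_json_path."""
    path = safe_json_path(history_dir, name)
    if os.path.isfile(path):
        os.remove(path)
        return True
    return False


def demo() -> dict:
    """Run both versions against a constructed layout and report what survived.

    Layout (constructed in a temp dir):
        <root>/config.json                 the file the attacker wants gone
        <root>/history/alice/chat1.json    a legitimate history file
    """
    root = tempfile.mkdtemp()
    history = os.path.join(root, "history", "alice")
    os.makedirs(history)
    config = os.path.join(root, "config.json")
    chat = os.path.join(history, "chat1.json")
    for p in (config, chat):
        with open(p, "w") as f:
            f.write("{}")

    traversal = "../../config"  # <history>/../../config.json == <root>/config.json

    # Vulnerable: the traversal name deletes the application's config file.
    vuln_deleted_config = delete_history_vulnerable(history, traversal)

    # Recreate it so the hardened version is tested against the same layout.
    with open(config, "w") as f:
        f.write("{}")
    try:
        delete_history_hardened(history, traversal)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True

    # The hardened version still deletes a legitimate history file.
    legit_deleted = delete_history_hardened(history, "chat1")

    return {
        "vulnerable_deleted_config": vuln_deleted_config,
        "hardened_rejected_traversal": hardened_rejected,
        "config_survives_hardened": os.path.isfile(config),
        "legit_history_deleted": legit_deleted,
        "legit_history_gone": not os.path.isfile(chat),
    }


if __name__ == "__main__":
    print(demo())
```

The basename check alone would be enough for a plain '..' in the name, but the containment check on the realpath is what catches the cases a string filter misses (symlinks inside the directory, a base directory that is itself a symlink). Keep both, and apply the same helper to every code path that opens, writes or deletes a file by user-supplied name, not only the deletion handler.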
CVE-2024-6255 is a path traversal vulnerability in chuanhuchatgpt: user-supplied file paths are not validated, so an attacker can delete arbitrary JSON files on the server.
Yes. Any version of chuanhuchatgpt older than the latest release is potentially affected.
Upgrade to the latest version of chuanhuchatgpt as soon as a patched release is available. Until then, restrict the application's file-system access and validate the file paths it accepts.
No active exploitation has been confirmed, but the bug is easy to trigger, so mitigate promptly.
Refer to the gaizhenbiao/chuanhuchatgpt project's repository or website for the latest security advisories and updates.