CVE-2024-3234
published 2024-06-06


Priority: P267 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.76% (88.5th percentile)

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.

Affected (1 range)

Vendor: gaizhenbiao
Product: chuanhuchatgpt
Version range: < 20240305
Fixed in: 20240305

Detection & IOCs (extracted from sources)

url: /file=web_assets/../config.json
path: config.json
path: web_assets
  • Look for HTTP GET requests containing path traversal sequences targeting /file=web_assets/../ to reach config.json outside the intended web_assets directory.
  • A successful exploit response will contain both '"openai_api_key":' and '"openai_api_type":' in the JSON body with HTTP 200 and Content-Type application/json.
  • The path traversal is rooted in the outdated gradio component's file-serving endpoint (/file=), as also identified in CVE-2023-51449; monitor for traversal sequences (../) in requests to this endpoint.
  • The vulnerability affects chuanhuchatgpt versions prior to the fixed release on 20240305; instances updated on or after that date are not affected.
  • The path traversal is enabled by an outdated gradio dependency; the root cause is the gradio component's /file= endpoint, not chuanhuchatgpt's own code directly.
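
The log check described in the bullets above, as an added example (not part of the original page and not code from chuanhuchatgpt or gradio): a Python scan of web-server access logs for GET requests to /file= whose decoded path contains a `..` segment, including percent-encoded and double-encoded forms. The log layout, sample lines and function names are assumptions constructed for illustration; a 200 status only marks a request for follow-up, since the response-body markers are not visible in access logs.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-log style); not from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jun/2024:10:01:02 +0000] "GET /file=web_assets/../config.json HTTP/1.1" 200 512
203.0.113.7 - - [06/Jun/2024:10:01:05 +0000] "GET /file=web_assets/%2e%2e/config.json HTTP/1.1" 404 0
198.51.100.4 - - [06/Jun/2024:10:02:00 +0000] "GET /file=web_assets/stylesheet/custom.css HTTP/1.1" 200 2048
198.51.100.9 - - [06/Jun/2024:10:03:00 +0000] "GET /file=web_assets/%252e%252e%252fconfig.json HTTP/1.1" 200 512
198.51.100.4 - - [06/Jun/2024:10:04:00 +0000] "GET /index.html?ref=a..b HTTP/1.1" 200 100
"""

# Captures client, method, request target, status (assumed log layout).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')


def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan(log_text):
    """Return (client, decoded_path, status) for GET /file= requests with a '..' segment."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        # Drop the query string, decode, and normalise backslashes before testing.
        path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
        if method != "GET" or not path.startswith("/file="):
            continue
        if ".." in path[len("/file="):].split("/"):
            findings.append((client, path, int(status)))
    return findings


def served_ok(findings):
    """Findings answered with HTTP 200; review these responses first."""
    return [f for f in findings if f[2] == 200]


if __name__ == "__main__":
    for client, path, status in scan(SAMPLE_LOG):
        print(f"{client} {status} {path}")
```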

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v3.0 · 9.8 · CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H