CVE-2024-3404 MEDIUM

CVE-2024-3404: Improper Access Control in gaizhenbiao/chuanhuchatgpt

Vendor Gaizhenbiao

Product gaizhenbiao/chuanhuchatgpt

Weakness CWE-863 · Incorrect authorization

Published June 6, 2024

Last update October 15, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.

Key dates

02Disclosure timeline

June 6, 2024 CVE published

October 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3404

Related vulnerabilities

Identifiers

CVE CVE-2024-3404

CWE CWE-863

CVSS 6.5 / MEDIUM

Affected versions