High severity 7.5 · NVD Advisory · Published Apr 10, 2024 · Updated Jun 17, 2026
CVE-2024-2217
Description
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (openai_api_key, google_palm_api_key, xmchat_api_key, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the config.json file, which does not properly restrict access based on user authentication.
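A detection sketch for the exposure described above, added here as an example and not taken from the advisory or the project: it scans a web access log for successful requests that name config.json. The combined log format, the sample lines, the request paths and the function names are all assumptions; the advisory does not state the exact request path.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (combined log format). Paths are hypothetical;
# the advisory does not state the exact request path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:09:14:02 +0000] "GET /config.json HTTP/1.1" 200 1843 "-" "curl/8.4.0"
203.0.113.7 - - [10/Apr/2024:09:14:05 +0000] "GET /static/%63onfig.JSON?x=1 HTTP/1.1" 200 1843 "-" "curl/8.4.0"
198.51.100.20 - alice [10/Apr/2024:09:15:11 +0000] "GET /config.json HTTP/1.1" 403 153 "-" "Mozilla/5.0"
198.51.100.20 - alice [10/Apr/2024:09:15:30 +0000] "GET /assets/app.js HTTP/1.1" 200 50211 "-" "Mozilla/5.0"
192.0.2.44 - bob [10/Apr/2024:09:16:00 +0000] "GET /download?name=config.json HTTP/1.1" 206 900 "-" "python-requests/2.31"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalize(target, rounds=3):
    """Percent-decode repeatedly (bounded) and lowercase, so encoded or
    mixed-case spellings of the file name still match."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def find_config_exposures(log_text, filename="config.json"):
    """Return successful (2xx) requests that name `filename` as a path
    segment or query value. Non-2xx responses (e.g. 403) are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue
        tokens = re.split(r"[/\\?&=]", normalize(m["target"]))
        if filename in tokens:
            hits.append({"ip": m["ip"], "time": m["time"], "target": m["target"],
                         "status": int(m["status"]),
                         "authenticated": m["user"] != "-"})
    return hits

if __name__ == "__main__":
    for hit in find_config_exposures(SAMPLE_LOG):
        print(hit)
```

Hits are reported for logged-in and anonymous clients alike, since the description says both configurations are affected; any hit means the keys and credentials stored in the file should be treated as disclosed and rotated.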
Affected products
- (no CPE)
- (no CPE), range: unspecified
References
- github.com/gaizhenbiao/chuanhuchatgpt/commit/c5ae3b5ae6b47259e0ce8730e0a47e85121f4a7d (nvd: Patch)
- huntr.com/bounties/e4df74bf-b2ee-490f-a9c9-e5c8010b8b29 (nvd: Exploit, Third Party Advisory)