Medium severity4.3NVD Advisory· Published Oct 29, 2024· Updated Jun 17, 2026
CVE-2024-8143
CVE-2024-8143
Description
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=20240628+ 1 more
- (no CPE)range: =20240628
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2bnvdPatch
- huntr.com/bounties/71c5ea4b-524a-4173-8fd4-2fbabd69502envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.