gaizhenbiao ChuanhuChatGPT Authentication Bypass Vulnerability Allowing Unauthorized Access to Chat History

Vulnerability

An authentication bypass vulnerability has been identified in gaizhenbiao ChuanhuChatGPT, as of commit 3856d4f. This vulnerability allows any user to read and delete other users' chat history. The issue arises because usernames are sent via HTTP requests from the client side, instead of being securely sourced from cookies. This flaw enables an attacker to manipulate the username parameter and access another user's chat history through the get_model function.

Impact

Exploitation of this vulnerability allows for unauthorized reading and deletion of users' chat history.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

gaizhenbiao ChuanhuChatGPT Authentication Bypass Vulnerability Allowing Unauthorized Access to Chat History

Vulnerability

Impact

Affected Products

gaizhenbiao/ChuanhuChatGPT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating