Springboot OpenAI ChatGPT Behavioral Workflow Vulnerability in Question Handler
Vulnerability
A vulnerability exists in the Springboot OpenAI ChatGPT application, specifically in version e84f6f5. This issue allows any user to manipulate the number of questions they are permitted to ask by accessing the updateQuestionCou function through a specific API endpoint. The vulnerability arises from improper management of the workflow sequence, enabling users to bypass intended restrictions. As a result, this flaw could potentially be exploited to disrupt the application's expected behavior.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in the question allowance for users, disrupting the application's intended usage policies.
Reproduction
To reproduce this vulnerability, send a request to the '/api/mjkj-chat/chat/mng/update/questionCou' endpoint. There are no access controls in place to prevent users from modifying their question limits, a function that should be restricted to administrators.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.