CVE-2024-3234 Overview
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as config.json, which contains API keys.
Critical Impact
Unauthorized attackers can exploit this path traversal vulnerability remotely without authentication to access sensitive configuration files containing API keys and other credentials, potentially leading to full application compromise.
Affected Products
- gaizhenbiao chuanhuchatgpt (versions prior to the fix released on 2024-03-05)
Discovery Timeline
- 2024-06-06 - CVE CVE-2024-3234 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2024-3234
Vulnerability Analysis
This path traversal vulnerability (CWE-22) exists in ChuanhuChatGPT due to its dependency on an outdated version of the Gradio framework. The application implements access controls intended to confine user file access to the web_assets directory. However, the underlying Gradio component contains the same path traversal flaw documented in CVE-2023-51449, which enables attackers to craft malicious requests that escape the intended directory restrictions.
The vulnerability is particularly severe because successful exploitation grants access to the config.json file, which stores sensitive API keys for services like OpenAI. An attacker exploiting this vulnerability could steal these credentials and abuse them for unauthorized API access, potentially incurring significant financial costs or gaining access to other connected services.
Root Cause
The root cause of this vulnerability is the use of an outdated Gradio component that fails to properly sanitize file path inputs. The vulnerable Gradio version does not adequately validate user-supplied path segments, allowing directory traversal sequences (such as ../) to escape the intended web_assets directory boundary. This is a classic supply chain vulnerability where a third-party dependency introduces security weaknesses into the dependent application.
Attack Vector
The attack can be executed remotely over the network without requiring any authentication or user interaction. An attacker can send specially crafted HTTP requests to the ChuanhuChatGPT application containing path traversal sequences. By manipulating the file path parameter, the attacker can navigate outside the web_assets folder and access arbitrary files on the server, including the sensitive config.json file that contains API keys and other configuration secrets.
# Security patch in ChuanhuChatbot.py
# Source: https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00
from modules import config
import gradio as gr
import colorama
+from modules.gradio_patch import reg_patch
+reg_patch()
logging.getLogger("httpx").setLevel(logging.WARNING)
The fix introduces a custom Gradio patch module that replaces vulnerable routes with secure implementations. The patch adds proper OAuth routes and input validation to prevent path traversal attacks.
# Security patch in modules/gradio_patch.py
# Source: https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00
+import logging
+import os
+
+import fastapi
+import gradio
+from fastapi.responses import RedirectResponse
+from gradio.oauth import MOCKED_OAUTH_TOKEN
+
+from modules.presets import i18n
+
+OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
+OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")
+OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")
+OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")
+def _add_oauth_routes(app: fastapi.FastAPI) -> None:
+ """Add OAuth routes to the FastAPI app (login, callback handler and logout)."""
+ try:
+ from authlib.integrations.starlette_client import OAuth
+ except ImportError as e:
+ raise ImportError(
+ "Cannot initialize OAuth to due a missing library. Please run `pip install gradio[oauth]` or add "
+ "`gradio[oauth]` to your requirements.txt file in order to install the required dependencies."
+ ) from e
+
+ # Check environment variables
+ msg = (
+ "OAuth is required but {} environment variable is not set. Make sure you've enabled OAuth in your Space by"
+ " setting `hf_oauth: true` in the Space metadata."
+ )
+ if OAUTH_CLIENT_ID is None:
Detection Methods for CVE-2024-3234
Indicators of Compromise
- HTTP requests containing path traversal sequences such as ../ or ..%2f targeting ChuanhuChatGPT endpoints
- Unusual access patterns to files outside the web_assets directory, particularly config.json
- Log entries showing attempts to access sensitive configuration files or API key files
- Unexpected API usage or billing anomalies on connected services (OpenAI, etc.) indicating potential credential theft
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block path traversal patterns in HTTP requests
- Monitor server access logs for requests containing directory traversal sequences targeting Gradio-based endpoints
- Deploy file integrity monitoring on sensitive configuration files like config.json
- Enable audit logging for all file access operations within the application directory structure
Monitoring Recommendations
- Set up alerts for any file access attempts outside the web_assets directory boundary
- Monitor API key usage and establish baseline patterns to detect anomalous activity indicating credential compromise
- Implement real-time log analysis to identify path traversal attack signatures
- Review and audit Gradio component versions across all deployments to identify vulnerable instances
How to Mitigate CVE-2024-3234
Immediate Actions Required
- Update ChuanhuChatGPT to the fixed version released on 2024-03-05 or later
- Rotate all API keys stored in config.json as they may have been compromised
- Review server logs for evidence of prior exploitation attempts
- Audit file access permissions to ensure configuration files have restrictive permissions
Patch Information
The vulnerability has been addressed in a commit to the ChuanhuChatGPT repository. The fix implements a custom Gradio patch module (modules/gradio_patch.py) that replaces vulnerable routes with secure implementations featuring proper input validation and OAuth handling.
Apply the fix by updating to the latest version of ChuanhuChatGPT from the GitHub repository. The specific security commit can be reviewed at the GitHub Commit Update. Additional vulnerability details are available at the Huntr Vulnerability Bounty.
Workarounds
- Deploy a reverse proxy or WAF in front of the application to filter path traversal patterns before they reach the application
- Restrict network access to the ChuanhuChatGPT instance using firewall rules to limit exposure
- Move sensitive configuration files like config.json outside the application's accessible directory structure
- Consider using environment variables instead of file-based configuration for storing API keys
# Configuration example - Restrict file permissions on config.json
chmod 600 config.json
chown root:root config.json
# Add WAF rule to block path traversal (nginx example)
location / {
if ($request_uri ~* "\.\.") {
return 403;
}
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
