CVE-2024-4520: Chuanhuchatgpt Auth Bypass Vulnerability

CVE-2024-4520 is an authentication bypass flaw in Gaizhenbiao Chuanhuchatgpt that allows unauthorized access to any user's chat history. This post covers technical details, affected versions, impact, and mitigation.

CVE-2024-4520 Overview

CVE-2024-4520 is an improper access control vulnerability in the gaizhenbiao/chuanhuchatgpt application, version 20240410. The flaw allows any authenticated user on the server to download the chat history of any other user without interaction or additional privileges. The weakness maps to CWE-862: Missing Authorization and stems from insufficient access control checks on chat history file operations. Successful exploitation exposes sensitive personal information, financial details, and confidential conversations stored in user histories. The vulnerability is network-exploitable and requires no privileges or user interaction.

Critical Impact

Any user on the server can retrieve another user's full chat history, leading to disclosure of sensitive conversational data, credentials shared in prompts, and personally identifiable information.

Affected Products

  • gaizhenbiao chuanhuchatgpt version 20240410
  • Deployments using the unpatched modules/utils.py history download path
  • Multi-user instances of ChuanhuChatGPT exposed over the network

Discovery Timeline

  • 2024-06-04 - CVE-2024-4520 published to NVD
  • 2025-10-15 - Last updated in NVD database

Technical Details for CVE-2024-4520

Vulnerability Analysis

The vulnerability resides in the chat history export functionality of ChuanhuChatGPT, a Gradio-based web UI for large language model interactions. The application stores user chat histories as JSON files under per-user directories and offers a download function that converts these histories to Markdown. The download routine accepts a filename parameter and constructs a file path without verifying that the requesting user owns the requested history. As a result, an attacker can supply another user's filename and retrieve their full conversation log. Because the application is multi-tenant by design, the missing authorization check breaks the trust boundary between user accounts.

Root Cause

The root cause is missing server-side authorization on the history export endpoint. The pre-patch code in modules/utils.py resolved filenames against the caller-supplied input rather than restricting access to files within the authenticated user's directory. No ownership check, session-to-file binding, or path canonicalization was performed before reading and serving history content.
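
The missing check can be sketched as follows. This is an added example, not code from the ChuanhuChatGPT repository or from the patch; `resolve_user_history`, `HistoryAccessDenied` and the two-user directory layout are hypothetical names and constructed sample data.

```python
import os
import tempfile

class HistoryAccessDenied(Exception):
    """The requested history file is not inside the caller's own directory."""

def resolve_user_history(history_dir, session_user, requested_name):
    """Return the canonical path of requested_name under session_user's
    directory, or raise HistoryAccessDenied (hypothetical helper)."""
    # The directory owner comes from the server-side session, never the request.
    if session_user in ("", ".", "..") or os.path.basename(session_user) != session_user:
        raise HistoryAccessDenied("invalid session user")
    if not requested_name.endswith(".json"):
        raise HistoryAccessDenied("only .json history files can be exported")
    user_root = os.path.realpath(os.path.join(history_dir, session_user))
    # realpath collapses ../ segments and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(user_root, requested_name))
    if os.path.commonpath([user_root, candidate]) != user_root:
        raise HistoryAccessDenied("path escapes the caller's history directory")
    if not os.path.isfile(candidate):
        raise HistoryAccessDenied("no such history file")
    return candidate

def demo():
    """Run four requests as 'alice' against a constructed two-user layout."""
    outcomes = []
    with tempfile.TemporaryDirectory() as history_dir:
        for user in ("alice", "bob"):
            os.makedirs(os.path.join(history_dir, user))
            with open(os.path.join(history_dir, user, "chat1.json"), "w") as f:
                f.write('{"system": "", "history": []}')
        requests = [
            "chat1.json",                                    # own file
            "../bob/chat1.json",                             # relative escape
            os.path.join(history_dir, "bob", "chat1.json"),  # absolute path
            "chat1.md",                                      # wrong suffix
        ]
        root = os.path.realpath(history_dir)
        for name in requests:
            try:
                path = resolve_user_history(history_dir, "alice", name)
                outcomes.append(os.path.relpath(path, root))
            except HistoryAccessDenied:
                outcomes.append("denied")
    return outcomes

if __name__ == "__main__":
    print(demo())
```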

Attack Vector

An attacker authenticates to a shared ChuanhuChatGPT instance and invokes the history download function while referencing a target user's history filename. The server reads the target file and returns the Markdown-converted contents to the attacker. Exploitation requires only network access to the application and a valid (potentially low-privileged) account.

python
# Security patch in modules/utils.py - bugfix: private history download
    with open(history_file_path, "w", encoding="utf-8") as f:
        json.dump(json_s, f, ensure_ascii=False, indent=4)

-    filename = os.path.basename(filename)
-    filename_md = filename[:-5] + ".md"
-    md_s = f"system: \n- {system} \n"
-    for data in history:
+    save_md_file(history_file_path)
+    return history_file_path
+
+def save_md_file(json_file_path):
+    with open(json_file_path, "r", encoding="utf-8") as f:
+        json_data = json.load(f)
+
+    md_file_path = json_file_path[:-5] + ".md"
+    md_s = f"system: \n- {json_data['system']} \n"
+    for data in json_data['history']:
        md_s += f"\n{data['role']}: \n- {data['content']} \n"
-    with open(
-        os.path.join(HISTORY_DIR, user_name, filename_md), "w", encoding="utf8"
-    ) as f:
-        f.write(md_s)
-    return os.path.join(HISTORY_DIR, user_name, filename)

+    with open(md_file_path, "w", encoding="utf8") as f:
+        f.write(md_s)
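
Review bot: save_md_file() trusts its json_file_path argument completely. The slice in `md_file_path = json_file_path[:-5] + ".md"` assumes a .json suffix without checking it, and nothing in the function confirms that the path resolves inside the calling user's directory under HISTORY_DIR. The access-control property therefore depends on how history_file_path is built above the visible lines, which this hunk does not show. Consider rejecting paths that do not end in ".json" and comparing the os.path.realpath() of the file against the user's history directory at the point where history_file_path is derived, so every caller of save_md_file() inherits the check. Two smaller points: `json_data['system']` and `json_data['history']` raise KeyError on a malformed or older history file, and the function mixes encoding="utf-8" on read with encoding="utf8" on write, which is harmless but worth making consistent.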

Source: GitHub commit ccc7479. The patch rewrites the download flow so that the Markdown export is generated from the authenticated user's resolved history file path, removing the attacker-controlled filename concatenation against HISTORY_DIR.

Detection Methods for CVE-2024-4520

Indicators of Compromise

  • Access log entries showing one authenticated user requesting history filenames that do not belong to their account directory under HISTORY_DIR.
  • Outbound transfers of .json or .md chat history files immediately following a download request from a non-owning session.
  • Multiple rapid history download requests from a single session referencing diverse usernames or file identifiers.

Detection Strategies

  • Review ChuanhuChatGPT application logs for history download calls and correlate the requesting session's username with the target file path.
  • Hunt for path traversal-like patterns or cross-user filenames in request parameters submitted to the history export function.
  • Compare file access events on the server's HISTORY_DIR against the authenticated user identity recorded in the web session.
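
The correlation described above can be run offline over exported request logs. This is an added example, not part of ChuanhuChatGPT: the key=value log format, the `history` directory name and the user names are constructed for illustration and must be adapted to whatever your proxy or application actually logs.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value access-log format.
SAMPLE_LOG = """\
2024-06-04T10:00:01Z user=alice action=history_download path=history/alice/plan.json
2024-06-04T10:00:05Z user=mallory action=history_download path=history/bob/taxes.json
2024-06-04T10:00:06Z user=mallory action=history_download path=history/mallory/../carol/notes.json
2024-06-04T10:00:07Z user=mallory action=history_download path=history/mallory/todo.json
2024-06-04T10:00:09Z user=bob action=login path=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=history_download path=(?P<path>\S+)$"
)

def find_cross_user_downloads(log_text, history_dir="history"):
    """Return download events whose target directory is not the session user's."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a history download event
        # Normalize first so ../ segments cannot hide the real owner directory.
        normalized = posixpath.normpath(m["path"])
        parts = normalized.split("/")
        if len(parts) >= 3 and parts[0] == history_dir:
            owner = parts[1]
        else:
            owner = "<outside-history-dir>"
        if owner != m["user"]:
            findings.append({"ts": m["ts"], "user": m["user"],
                             "owner": owner, "path": normalized})
    return findings

def enumerating_sessions(findings, min_owners=2):
    """Users who touched at least min_owners other owners' histories."""
    owners = defaultdict(set)
    for f in findings:
        owners[f["user"]].add(f["owner"])
    return {u: sorted(o) for u, o in owners.items() if len(o) >= min_owners}

if __name__ == "__main__":
    hits = find_cross_user_downloads(SAMPLE_LOG)
    print(hits)
    print(enumerating_sessions(hits))
```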

Monitoring Recommendations

  • Enable verbose request logging on the Gradio front end and forward logs to a central platform for correlation with file system access events.
  • Alert on any read access to history JSON files where the file owner differs from the active session user.
  • Track outbound HTTP responses containing .md exports and flag bursts that suggest enumeration of other users' histories.

How to Mitigate CVE-2024-4520

Immediate Actions Required

  • Upgrade ChuanhuChatGPT past the patched commit ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b to remove the vulnerable download path.
  • Restrict access to multi-user ChuanhuChatGPT deployments to trusted networks until the patch is applied.
  • Audit the HISTORY_DIR directory for unauthorized reads and rotate any credentials or secrets that users may have pasted into chat sessions.

Patch Information

The vendor fix is published in the upstream repository at GitHub commit ccc7479. The patch refactors modules/utils.py to derive the export path from the server-side history file rather than from caller-supplied filename input. Additional context is available in the Huntr bounty listing.

Workarounds

  • Run ChuanhuChatGPT as a single-tenant deployment per user until the upgrade is applied, eliminating cross-user file exposure.
  • Place the application behind an authenticating reverse proxy that enforces per-user path restrictions on history endpoints.
  • Disable or remove the history download feature in custom forks until the authorization fix is verified in your environment.

bash
# Apply the upstream fix by pulling the patched commit
git fetch origin
git checkout ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b -- modules/utils.py modules/models/base_model.py
# Restart the service after deploying the patched files
systemctl restart chuanhuchatgpt

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
