CVE-2024-5982 Overview
A critical path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt, a popular ChatGPT web interface. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation, and the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.
Critical Impact
Unauthenticated remote attackers can exploit this path traversal vulnerability to upload arbitrary files, create directories outside intended locations, and leak sensitive data from CSV files, potentially achieving full remote code execution on affected systems.
Affected Products
- gaizhenbiao chuanhuchatgpt (all versions prior to the security patch)
Discovery Timeline
- 2024-10-29 - CVE-2024-5982 published to NVD
- 2024-11-14 - Last updated in NVD database
Technical Details for CVE-2024-5982
Vulnerability Analysis
This path traversal vulnerability (CWE-22) affects multiple components within the ChuanhuChatGPT application. The core issue lies in how the application handles user-supplied input when constructing file system paths. When user input is directly concatenated with base directory paths using Python's os.path.join function without proper sanitization, attackers can inject directory traversal sequences (such as ../) to escape the intended directory structure.
The vulnerability manifests in three distinct attack surfaces within the application. The load_chat_history function accepts user-controlled file paths without validation, enabling attackers to write files to arbitrary locations on the server. This capability can be leveraged to achieve remote code execution by uploading malicious Python files or web shells to executable directories. The get_history_names function similarly accepts unsanitized input, allowing attackers to create directories anywhere on the filesystem where the application has write permissions. The load_template function can be abused to read and exfiltrate the first column of CSV files from arbitrary locations, potentially exposing sensitive configuration data or credentials.
Root Cause
The root cause of this vulnerability is improper input validation and sanitization in the affected functions. The developers used os.path.join to combine user-supplied paths with base directories, which does not inherently protect against path traversal attacks. os.path.join performs no normalization or boundary check: if a later argument is an absolute path, the base directory is discarded, and ../ sequences are passed through unchanged, so the resulting path can point outside the intended directory. The absence of path canonicalization checks, directory boundary validation, and input sanitization allows attackers to traverse the directory structure and access or modify files outside the application's intended scope.
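The os.path.join behaviour described above, as an added example (not ChuanhuChatGPT's code and not the contents of the vendor patch): unsafe_join reproduces the bare join pattern, and safe_join is one way to enforce a directory boundary by resolving the path first. The function names and sample file names are hypothetical.

```python
import os
import tempfile

def unsafe_join(base_dir, user_name):
    """The pattern the advisory describes: user input joined straight onto a base directory."""
    return os.path.join(base_dir, user_name)

def safe_join(base_dir, user_name):
    """Resolve the candidate path and refuse anything outside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, user_name))
    # commonpath compares whole path components, so a sibling such as
    # .../history_evil is not mistaken for a child of .../history.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_name!r}")
    return candidate

def classify(base_dir, user_name):
    """Return 'allowed' or 'rejected' for one user-supplied name."""
    try:
        safe_join(base_dir, user_name)
        return "allowed"
    except ValueError:
        return "rejected"

def demo():
    # Constructed sample inputs; the base directory is a throwaway temp dir.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "history")
        os.mkdir(base)
        samples = ["chat1.json", "sub/chat2.json", "../outside.json",
                   "/tmp/absolute.json", "../history_evil/x.json"]
        return {name: classify(base, name) for name in samples}

if __name__ == "__main__":
    print(unsafe_join("/srv/app/history", "/tmp/absolute.json"))  # base is discarded
    for name, verdict in demo().items():
        print(f"{verdict:8}  {name}")
```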
Attack Vector
The attack vector for this vulnerability is network-based, requiring no authentication or user interaction. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the affected endpoints with malicious path traversal payloads.
The exploitation process involves manipulating file path parameters in requests to the vulnerable functions. For the load_chat_history endpoint, an attacker constructs a request containing path traversal sequences in the filename parameter, such as ../../../../tmp/malicious.py, to write files to arbitrary locations. For directory creation via get_history_names, similar techniques allow creating directories outside the intended history folder. The load_template function exploitation involves specifying paths to target CSV files that should be inaccessible to the web application.
For technical details on the vulnerability, refer to the Huntr Bounty Disclosure.
Detection Methods for CVE-2024-5982
Indicators of Compromise
- Unusual file creation or modification in directories outside the application's designated data folders
- Web server logs containing path traversal sequences (../, ..%2f, ..%5c) in request parameters
- Unexpected Python files or scripts appearing in application directories
- Anomalous directory structures created in system or application paths
- CSV file access patterns indicating unauthorized template loading operations
Detection Strategies
- Deploy web application firewalls (WAF) with rules to detect and block path traversal payloads in HTTP requests
- Implement file integrity monitoring on the ChuanhuChatGPT installation directory and system paths
- Configure application logging to capture all file operations with full path information for forensic analysis
- Use endpoint detection and response (EDR) solutions to monitor for suspicious file system access patterns
Monitoring Recommendations
- Monitor web server access logs for requests containing directory traversal patterns targeting /load_chat_history, /get_history_names, or template-related endpoints
- Set up alerts for new file creation events outside expected application directories
- Implement anomaly detection for unusual file access patterns by the web application process
- Review server logs for error messages indicating path resolution issues or permission denials
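One way to implement the access-log check from the lists above, as an added example rather than vendor tooling: it percent-decodes each request target repeatedly, so encoded forms such as ..%2f and ..%5c are caught, and flags any ".." path segment. The log lines are constructed, /load_template is a hypothetical endpoint name, and only the request line is inspected, so parameters sent in request bodies require body logging.

```python
import re
from urllib.parse import unquote

# A ".." path segment bounded by a separator or the start/end of a value.
TRAVERSAL = re.compile(r"(^|[/\\=&?])\.\.([/\\&#]|$)")
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple encoding

def fully_decode(value):
    """Percent-decode repeatedly so ..%252f is seen as ../"""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def request_target(log_line):
    """Pull the request target out of a common/combined-format access log line."""
    m = re.search(r'"[A-Z]+ (\S+) HTTP/[\d.]+"', log_line)
    return m.group(1) if m else None

def find_traversal(log_lines):
    """Return (line_number, decoded_target) for each request carrying a '..' segment."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        target = request_target(line)
        if target is None:
            continue
        decoded = fully_decode(target)
        if TRAVERSAL.search(decoded):
            hits.append((n, decoded))
    return hits

# Constructed sample log lines (documentation IP range, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2024:10:00:01 +0000] "GET /load_chat_history?filename=chat1.json HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Nov/2024:10:00:05 +0000] "GET /load_chat_history?filename=../../outside.json HTTP/1.1" 200 87',
    '192.0.2.44 - - [01/Nov/2024:10:00:06 +0000] "GET /get_history_names?user=..%2f..%2foutside_dir HTTP/1.1" 200 40',
    '192.0.2.44 - - [01/Nov/2024:10:00:07 +0000] "GET /load_template?name=..%255c..%255cdata.csv HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Nov/2024:10:00:09 +0000] "GET /get_history_names?user=alice..bob HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for line_no, target in find_traversal(SAMPLE_LOG):
        print(f"line {line_no}: {target}")
```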
How to Mitigate CVE-2024-5982
Immediate Actions Required
- Update ChuanhuChatGPT to the latest version that includes the security patch
- If immediate patching is not possible, restrict network access to the affected application to trusted users only
- Review file system permissions to ensure the application runs with minimal required privileges
- Audit recent file system changes to identify potential exploitation attempts
Patch Information
The vendor has released a security fix for this vulnerability. The patch is available in commit 952fc8c3cbacead858311747cddd4bedcb4721d7. Users should update their ChuanhuChatGPT installation by pulling the latest changes from the official repository or applying the specific commit. The fix implements proper input sanitization and path validation to prevent directory traversal attacks.
For patch details, see the GitHub Commit.
Workarounds
- Place the ChuanhuChatGPT application behind a reverse proxy with strict input validation rules blocking path traversal sequences
- Run the application in a containerized environment with volume mounts restricted to necessary directories only
- Implement network segmentation to limit access to the application from untrusted networks
- Configure file system permissions to restrict the application's write access to only essential directories
```bash
# Example: Restrict application to container with limited filesystem access
docker run -d \
  --name chuanhuchatgpt \
  --read-only \
  --tmpfs /tmp \
  -v /app/data:/app/data:rw \
  chuanhuchatgpt:latest
```

