Lucene search

@huntr_aiCVELIST:CVE-2024-5936

HistoryJun 27, 2024 - 6:45 p.m.

CVE-2024-5936 Open Redirect in imartinez/privategpt

2024-06-2718:45:31

CWE-601

@huntr_ai

www.cve.org

open redirect

imartinez/privategpt

version 0.5.0

improper handling

user-controlled input

validation

sanitization

phishing attacks

malware distribution

credential theft

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

33.3%

JSON

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the ‘file’ parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft.

CNA Affected

[
  {
    "vendor": "imartinez",
    "product": "imartinez/privategpt",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

References

huntr.com/bounties/43f05c1e-d7b8-45e2-b1fe-48faf1e3a48d

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

33.3%

JSON

Related for CVELIST:CVE-2024-5936