Detections
Analytics

NextChat < 2.11.3 Server-Side Request Forgery

critical Web App Scanning Plugin ID 114306

Language:

Synopsis

NextChat < 2.11.3 Server-Side Request Forgery

Description

NextChat (formerly ChatGPT-Next-Web) versions prior to 2.11.3 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to make the vulnerable instance issue arbitrary requests on both external or internal assets through the '/api/cors' endpoint or to execute JavaScript in the application users browsers context.

Solution

Update to NextChat 2.11.3 or latest.

See Also

https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/releases/tag/v2.11.3

https://nextchat.dev/

https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/

Plugin Details

Severity: Critical

ID: 114306

Type: remote

Published: 6/20/2024

Updated: 6/20/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2023-49785

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS Score Source: CVE-2023-49785

Vulnerability Information

CPE: cpe:2.3:a:nextchat:nextchat:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/13/2024

Vulnerability Publication Date: 3/11/2024

Reference Information

CVE: CVE-2023-49785