What is the severity of CVE-2024-3403?

CVE-2024-3403 is classified as a high-severity vulnerability due to its potential for arbitrary file reading.

How do I fix CVE-2024-3403?

To remediate CVE-2024-3403, ensure that file upload functionalities only allow specific file types and sanitize all input.

What types of attacks can CVE-2024-3403 enable?

CVE-2024-3403 can enable attackers to read sensitive files on the filesystem, leading to information leakage.

Which versions of privategpt are affected by CVE-2024-3403?

CVE-2024-3403 affects version 0.2.0 of imartinez/privategpt.

How does the local file inclusion vulnerability in CVE-2024-3403 work?

The local file inclusion vulnerability in CVE-2024-3403 allows attackers to exploit the 'Search in Docs' feature to read arbitrary files by manipulating the file upload process.

Vulnerability/
CVE-2024-3403

high

7.5

CWE

16/5/2024

21/11/2024

CVE-2024-3403: Local File Inclusion in imartinez/privategpt

First published: Thu May 16 2024(Updated: )

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI to retrieve or disclose the contents of any file on the system. This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
imartinez privategpt

Never miss a vulnerability like this again

Reference Links

https://huntr.com/bounties/7431d1dd-f014-4d4f-acb6-f97369ef3688

Frequently Asked Questions

What is the severity of CVE-2024-3403?
CVE-2024-3403 is classified as a high-severity vulnerability due to its potential for arbitrary file reading.
How do I fix CVE-2024-3403?
To remediate CVE-2024-3403, ensure that file upload functionalities only allow specific file types and sanitize all input.
What types of attacks can CVE-2024-3403 enable?
CVE-2024-3403 can enable attackers to read sensitive files on the filesystem, leading to information leakage.
Which versions of privategpt are affected by CVE-2024-3403?
CVE-2024-3403 affects version 0.2.0 of imartinez/privategpt.
How does the local file inclusion vulnerability in CVE-2024-3403 work?
The local file inclusion vulnerability in CVE-2024-3403 allows attackers to exploit the 'Search in Docs' feature to read arbitrary files by manipulating the file upload process.

agent/title
agent/references
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/imartinez
canonical/imartinez privategpt

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.