A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data.
MITRE Information
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:19:57.023Z
Updated: 2024-06-07T17:06:59.620Z
Reserved: 2024-05-21T20:10:37.932Z
Link: CVE-2024-5186
NVD Information
Status: Awaiting Analysis
Published: 2024-06-06T19:16:05.860
Modified: 2024-06-07T14:56:05.647
Link: CVE-2024-5186