CVE-2023-49785: Vulnerability in NextChat » intelfindr


CVE-2023-49785 is a critical vulnerability affecting NextChat, an application that provides users with a web interface based on ChatGPT.

Information has been disclosed about a new critical vulnerability affecting NextChat, a chat interface used with ChatGPT. The vulnerability CVE-2023-49785 would allow a remote attacker to obtain internal access to other servers via HTTP. It would also allow an attacker to mask their IP address, because it allows NextChat to be used as an open proxy.

NextChat is an application that lets you easily obtain a web interface based on ChatGPT that integrates GPT3, GPT4 and Gemini PRO.

Key Features

The main characteristics of this vulnerability are detailed below.

  • CVE Identifier: CVE-2023-49785
  • Release Date: 11/03/2023
  • Affected Software: NextChat / ChatGPT-Next-Web
  • CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical)
  • Affected Versions
    • All versions before 2.11.2 (included)
  • Exploitation requirements

Mitigation

There is currently no patch for the vulnerability CVE-2023-49785. A mitigation recommendation is not to expose the instance publicly to the Internet. If it is exposed, ensure that it is isolated and has no access to other internal resources.

In any case, an attacker can still exploit this vulnerability to mask his/her IP address, using the affected instance as an open proxy.
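
An added example (not from the original article or from NextChat) of verifying the isolation described above: it reads egress records for the instance and flags destinations in internal ranges, plus external destinations outside an expected list, which is what open-proxy use would look like in the logs. The log format, host names, addresses and the expected-upstream list are constructed assumptions.

```python
import ipaddress

# Assumption: the only upstream API hosts this deployment should contact.
EXPECTED_UPSTREAMS = {"api.openai.com", "generativelanguage.googleapis.com"}

# Constructed sample egress records; assumed format:
# "<timestamp> <source-host> <destination-host> <destination-ip> <port>"
SAMPLE_LOG = """\
2024-03-12T10:00:01Z nextchat-01 api.openai.com 198.51.100.20 443
2024-03-12T10:00:07Z nextchat-01 169.254.169.254 169.254.169.254 80
2024-03-12T10:00:09Z nextchat-01 intranet.example.internal 10.20.0.15 8080
2024-03-12T10:00:15Z nextchat-01 shop.example.org 203.0.113.10 443
2024-03-12T10:00:20Z nextchat-01 localhost 127.0.0.1 6379
"""

# Ranges the instance should never reach if it is properly isolated.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]

def classify(dst_host, dst_ip):
    """Return 'internal', 'expected' or 'unexpected-external'."""
    ip = ipaddress.ip_address(dst_ip)
    # The resolved address decides first, so an allow-listed name that
    # resolves to an internal address is still reported as internal.
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    if dst_host.lower() in EXPECTED_UPSTREAMS:
        return "expected"
    return "unexpected-external"

def audit(log_text):
    """Return (timestamp, host, ip, port, verdict) for every suspicious record."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, _src, host, ip, port = parts
        try:
            verdict = classify(host, ip)
        except ValueError:
            verdict = "unparseable"  # destination is not a valid IP address
        if verdict != "expected":
            findings.append((ts, host, ip, port, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Any "internal" finding means the instance is not isolated as recommended; "unexpected-external" findings are candidates for open-proxy use and need review against the deployment's real upstream list.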

Detection of the vulnerability CVE-2023-49785

This Nuclei template can be used to detect this vulnerability. It is also possible to obtain the template from the horizon3 blog.

As part of its emerging vulnerabilities service, Tarlogic proactively monitors the perimeter of its clients to report, detect, and urgently notify of the presence of this vulnerability, as well as other critical threats that could have a serious impact on the security of their assets.


