Analysis of NextChat SSRF Vulnerability: CVE-2023-49785
2024.12.04

The S2W Threat Intelligence Center has published a high-level threat intelligence report on the SSRF vulnerability, CVE-2023-49785, which occurred in NextChat.


*What is NextChat? It refers to ChatGPT Next Web, a web interface for LLM (Large Language Model) services provided across platforms.



✅ Report Title:


Analysis of NextChat SSRF Vulnerability: CVE-2023-49785



✅ Executive Summary:


This report is an analysis of the SSRF vulnerability CVE-2023-49785 in the ChatGPT-Next-Web (hereinafter referred to as NextChat) product, disclosed on March 11, 2024.


The vulnerability allows unauthorized users to perform SSRF through the API used for the client settings synchronization feature of NextChat.


Versions of NextChat 2.11.2 and below are affected by this vulnerability. While it was initially reported to have been patched in version 2.11.3, a bypass method for the patch was discovered, and the vulnerability was ultimately addressed in version 2.12.2.


The version of NextChat in use can be checked in the settings menu of the client web page.



📌 What are the specific details about CVE-2023-49785?


- CVE Number: CVE-2023-49785


- Disclosure or Patch Date: 2024-03-11


- Product: NextChat (ChatGPT Next Web)


- Vendor: NextChat


- Confirmed Affected Versions: NextChat ≤ 2.11.2


- Reporter (Advisor): nvn1729 of Horizon3.AI


- Patched Version: NextChat ≥ 2.11.3


- Causes: NextChat retrieves data from remote servers for client settings synchronization and uses the /api/cors API endpoint to bypass CORS policies by proxying through its server.


During this process:

  • The API endpoint is accessible to unauthenticated users.
  • Insufficient validation of the input remote server path allows attackers to exploit this endpoint to perform Server-Side Request Forgery (SSRF) against the NextChat server.


- Details about the NextChat vulnerability can be found in the full report.
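
The missing destination validation described under Causes can be illustrated with a check that a server-side proxy runs before fetching anything. This is an added example, not NextChat's code or its patch; `checkProxyTarget`, `ALLOWED_HOSTS` and `dav.example.com` are hypothetical names, and how the target URL is extracted from the request is assumed to happen elsewhere.

```javascript
// Added example (not NextChat code): destination check for a server-side
// proxy endpoint. ALLOWED_HOSTS is an assumed, deployment-specific allowlist.
const ALLOWED_HOSTS = new Set(["dav.example.com"]); // hypothetical sync backend

// Loopback, private, link-local (cloud metadata) and other non-public IPv4 ranges.
const INTERNAL_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted-quad string -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isInternalV4(ip) {
  return INTERNAL_V4.some(([net, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
  });
}

// Returns { ok, reason }; the reason string is meant to be logged for detection.
function checkProxyTarget(raw) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable" }; }
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  // new URL() has already normalised decimal/hex IPv4 forms for http(s) URLs.
  const host = url.hostname;
  const ip = ipv4ToInt(host);
  if (ip !== null) {
    return { ok: false, reason: isInternalV4(ip) ? "internal-address" : "ip-literal" };
  }
  if (host.startsWith("[")) return { ok: false, reason: "ip-literal" }; // IPv6 literal
  if (url.protocol !== "https:") return { ok: false, reason: "scheme-not-allowed" };
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: "host-not-allowlisted" };
  return { ok: true, reason: "allowed" };
}
```

A literal check like this does not cover an allowlisted name that resolves to an internal address or a response that redirects elsewhere, so the outbound request should also refuse redirects and re-check the address it actually connects to.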



✅ Recommended Threat Detection and Mitigation Actions:


- This vulnerability is a Server-Side Request Forgery vulnerability occurring in NextChat.


- It has been reported that versions of NextChat 2.11.2 and below are affected by this vulnerability. While the vulnerability was initially reported to have been patched in version 2.11.3, it was actually addressed in version 2.12.2.


- Attackers with access to the server can exploit the vulnerability to steal authentication information within the cloud environment or issue credentials with server privileges, and then use this data for additional attacks. It is therefore recommended to update to the patched version or the latest version, or to configure the network to block external access.


- If needed, please refer to the full report through the link below.



🧑‍💻 Report Author: S2W TALON (Updated. 2024-11-06)



👉 Contact us: https://s2w.inc/en/contact



*The full report is available upon request.

