An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This…
@huntr_ai·CWE-601·Published 2024-06-27
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft.
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft.
Existe una vulnerabilidad de redireccionamiento abierto en imartinez/privategpt versión 0.5.0 debido al manejo inadecuado del parámetro 'archivo'. Esta vulnerabilidad permite a los atacantes redirigir a los usuarios a una URL especificada mediante una entrada controlada por el usuario sin una validación o sanitización adecuada. El impacto de esta vulnerabilidad incluye posibles ataques de phishing, distribución de malware y robo de credenciales.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.0 | Primary | cve.org | 4.3 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| 3.0 | Primary | cve.org | 4.3 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| 3.0 | Secondary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| 3.1 | Primary | NVD | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |