Cyber Security News

ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF

Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the ChatGPT Next Web, popularly known as NextChat.

This vulnerability has raised concerns within the cybersecurity community due to its potential for exploitation through Server-Side Request Forgery (SSRF).

NextChat is a web interface designed for large language model (LLM) services. It provides a platform for users to interact with advanced AI models like ChatGPT.

It facilitates seamless integration and functionality across various platforms, making it a widely used tool for businesses and individuals alike.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Details of the Vulnerability: CVE-2023-49785

The vulnerability, identified as CVE-2023-49785, was publicly disclosed on March 11, 2024. It affects versions of NextChat 2.11.2 and earlier, as per a report by the S2W Threat Intelligence Center.

The issue was traced to the API responsible for client settings synchronization, which lacked appropriate security measures, allowing unauthorized users to exploit the system.

The SSRF vulnerability stemmed from the improperly secured/API/cors endpoint. This endpoint circumvents CORS policies by routing requests through the server.

 Unfortunately, it was accessible to unauthenticated users, who could manipulate it to send malicious requests to arbitrary internal services.

Exploiting this vulnerability, attackers could perform SSRF actions to gain unauthorized access to sensitive server information.

This breach could lead to the theft of authentication data or the misuse of server privileges, potentially compromising entire cloud environments.

To address this critical flaw, users of NextChat are advised to take immediate action:

  1. Update Software: Upgrade to version 2.12.2 or later, where the vulnerability is comprehensively patched. Previous versions, including the interim patch in 2.11.3, are insufficient.
  2. Network Security: Configure the network to block unauthorized external access, minimizing potential exposure to SSRF attacks.
  3. Monitor Systems: Continuously monitor system logs for suspicious activities that may indicate exploitation attempts.

The full report, which offers an in-depth analysis and further recommendations, is available for security teams and developers who wish to secure their NextChat deployments fully.

This incident underscores the importance of regular security assessments and timely updates to safeguard against evolving threats in the digital landscape.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

6 minutes ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

1 day ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

2 days ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

2 days ago