H3-2024-0015¶
NextChat Open Proxy Server-Side Request Forgery Vulnerability
| Category | VULNERABILITY |
| Base Score | 9.1 |
Description¶
NextChat a.k.a ChatGPT Next Web is vulnerable to full-read SSRF and XSS through the /api/cors endpoint
Impact¶
Remote unauthenticated attackers can use the NextChat server to send arbitrary HTTP requests to internal endpoints and receive responses back. This can be used to access or modify internal services over HTTP. In cloud environments, an attacker may be able to steal cloud credentials by accessing cloud metadata URLs.