cnvd - cnvd-2025-06060

cnvd-2025-06060

Vulnerability from cnvd

Title: LibreChat groupid参数访问控制错误漏洞

Description:

LibreChat是一个增强的ChatGPT克隆。

LibreChat 0.7.6之前版本存在访问控制错误漏洞，该漏洞源于groupid参数没有验证所提供的提示ID是否属于当前用户，攻击者可利用此漏洞导致删除其他用户的提示。

Severity: 高

Patch Name: LibreChat groupid参数访问控制错误漏洞的补丁

Patch Description:

LibreChat是一个增强的ChatGPT克隆。

LibreChat 0.7.6之前版本存在访问控制错误漏洞，该漏洞源于groupid参数没有验证所提供的提示ID是否属于当前用户，攻击者可利用此漏洞导致删除其他用户的提示。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/danny-avila/LibreChat/releases/tag/v0.7.7

Reference: https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7

Impacted products

Name
LibreChat LibreChat <0.7.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-11167",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-11167"
    }
  },
  "description": "LibreChat\u662f\u4e00\u4e2a\u589e\u5f3a\u7684ChatGPT\u514b\u9686\u3002\n\nLibreChat 0.7.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8egroupid\u53c2\u6570\u6ca1\u6709\u9a8c\u8bc1\u6240\u63d0\u4f9b\u7684\u63d0\u793aID\u662f\u5426\u5c5e\u4e8e\u5f53\u524d\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u5220\u9664\u5176\u4ed6\u7528\u6237\u7684\u63d0\u793a\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/danny-avila/LibreChat/releases/tag/v0.7.7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-06060",
  "openTime": "2025-03-28",
  "patchDescription": "LibreChat\u662f\u4e00\u4e2a\u589e\u5f3a\u7684ChatGPT\u514b\u9686\u3002\r\n\r\nLibreChat 0.7.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8egroupid\u53c2\u6570\u6ca1\u6709\u9a8c\u8bc1\u6240\u63d0\u4f9b\u7684\u63d0\u793aID\u662f\u5426\u5c5e\u4e8e\u5f53\u524d\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u5220\u9664\u5176\u4ed6\u7528\u6237\u7684\u63d0\u793a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "LibreChat groupid\u53c2\u6570\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "LibreChat LibreChat \u003c0.7.6"
  },
  "referenceLink": "https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7",
  "serverity": "\u9ad8",
  "submitTime": "2025-03-27",
  "title": "LibreChat groupid\u53c2\u6570\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2024-11167 (GCVE-0-2024-11167)

Vulnerability from cvelistv5

Published

2025-03-20 10:09

Modified

2025-07-15 10:48

Severity ?

9.4 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Summary

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user.

References

▼	URL	Tags
	https://huntr.com/bounties/298f5760-5797-4432-8b9e-544609d612c0
	https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7

Impacted products

	Vendor	Product	Version
	danny-avila	danny-avila/librechat	Version: unspecified < 0.7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11167",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:51:22.725208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:34:15.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "danny-avila/librechat",
          "vendor": "danny-avila",
          "versions": [
            {
              "lessThan": "0.7.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users\u0027 prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T10:48:56.854Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/298f5760-5797-4432-8b9e-544609d612c0"
        },
        {
          "url": "https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7"
        }
      ],
      "source": {
        "advisory": "298f5760-5797-4432-8b9e-544609d612c0",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Access Control in danny-avila/librechat"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-11167",
    "datePublished": "2025-03-20T10:09:49.100Z",
    "dateReserved": "2024-11-12T21:07:31.363Z",
    "dateUpdated": "2025-07-15T10:48:56.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted