CVE-2024-5936
MEDIUM NUCLEIprivategpt 0.5.0 - Open Redirect via File Parameter
Title source: llmExploitation Summary
CVE-2024-5936 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft.
Nuclei Templates (1)
PrivateGPT < 0.5.0 - Open Redirect
MEDIUMVERIFIEDby ctflearner
Shodan:
html:"private gpt"
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/43f05c1e-d7b8-45e2-b1fe-48faf1e3a48d
Scores
CVSS v3
6.1
EPSS
0.2893
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (1)
pribai/privategpt
0.5.0
Published
Jun 27, 2024
Tracked Since
Feb 18, 2026