Description
Lobe Chat API Key Leak
Summary
If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request.
Details
The attack process is described in the Summary above and broken down step by step in the PoC below.
PoC
Frontend:
- Pass basic authentication (SSO/Access Code).
- Set the Base URL to a private attack address.
- Configure the request method to be a server-side request.
- At the self-set attack address, retrieve the API Key information from the request headers.
Backend:
- The LobeChat version allows setting the Base URL.
- There is no outbound traffic whitelist.
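The missing outbound whitelist is the root cause listed above. As an added defender-side illustration (not LobeChat's own code, and not the fix shipped in 0.162.25), the following Python check refuses to attach the server's API key to a client-supplied Base URL unless its host is on an allowlist; the host names and key value are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only upstream hosts the server may send its own key to.
ALLOWED_UPSTREAM_HOSTS = {"api.openai.com"}


def is_allowed_upstream(base_url: str, allowed_hosts=ALLOWED_UPSTREAM_HOSTS) -> bool:
    """True only for an https URL whose hostname is exactly on the allowlist.

    Rejects userinfo tricks such as https://api.openai.com@attacker.example/
    (the hostname there is attacker.example), plain http, and unlisted hosts.
    """
    try:
        parts = urlsplit(base_url)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed_hosts


def plan_upstream_call(base_url, default_base, server_api_key):
    """Decide where the proxied call goes and whether it carries the server key.

    Returns (url, headers). The server-side key is attached only when the
    destination is the default upstream or an allowlisted host; any other
    client-chosen Base URL is refused rather than called with a credential.
    """
    if not base_url or base_url == default_base:
        return default_base, {"Authorization": f"Bearer {server_api_key}"}
    if not is_allowed_upstream(base_url):
        raise ValueError("client-supplied Base URL is not an allowed upstream")
    return base_url, {"Authorization": f"Bearer {server_api_key}"}
```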
Impact
All users of the community version of LobeChat who authenticate via SSO/Access Code are affected; tested on version 0.162.13.
Packages
Package: @lobehub/chat
Affected versions: < 0.162.25
Patched version: 0.162.25
Related vulnerabilities
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.