Executive Summary

This vulnerability is a broken access control flaw in Dify version 1.8.1 affecting the endpoint /console/api/apps/<APP_ID>/chat-messages?conversation_id=<CONVERSATION_ID>&limit=10. It allows any user within the same workspace, including regular users without admin privileges, to read chat messages of other users if they know the conversation_id. This means unauthorized users can access sensitive chat data such as query text and filenames belonging to admins or other users, compromising confidentiality. [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by exposing confidential chat messages to unauthorized users within the same workspace. Regular users can access sensitive information such as queries and filenames from other users' chats without proper permissions. This compromises the confidentiality of your communications and may lead to information leakage or privacy violations. [2]

Useful 0 Not Useful 0

Compliance Impact

This vulnerability negatively affects compliance with standards and regulations like GDPR and HIPAA because it compromises the confidentiality of user data by allowing unauthorized access to sensitive chat messages. Such unauthorized disclosure of personal or sensitive information can lead to violations of data protection requirements, potentially resulting in legal and regulatory consequences. [2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the vulnerable endpoint `/console/api/apps/<APP_ID>/chat-messages?conversation_id=<CONVERSATION_ID>&limit=10` using a regular user's Bearer token to see if chat messages from other users are accessible. For example, you can use a curl command to send a GET request to this endpoint with an authenticated user's token and check if chat messages from other users are returned. A sample command might be: `curl -H "Authorization: Bearer <user_token>" "https://<dify_instance>/console/api/apps/<APP_ID>/chat-messages?conversation_id=<CONVERSATION_ID>&limit=10"`. If the response includes chat messages from other users, the system is vulnerable. [2]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Dify to version 1.9.0 or later, where the vulnerability has been patched by enforcing editor-only access to chat message logs. This patch restricts access to users with roles such as OWNER, ADMIN, or EDITOR and denies access to NORMAL or DATASET_OPERATOR roles. If upgrading immediately is not possible, restrict access to the vulnerable endpoint by implementing access controls or network-level restrictions to prevent unauthorized users from querying chat messages. Additionally, monitor and audit access logs for suspicious requests to this endpoint. [1, 2]

Useful 0 Not Useful 0