Executive Summary

This vulnerability exists in the Usagi-org ai-goofish-monitor software on Windows systems. It allows unauthenticated remote attackers to read arbitrary files on the system by exploiting the GET /api/prompts/{filename} endpoint. The vulnerability arises because the application attempts to block path traversal attacks by filtering out forward slashes and '..' sequences, but attackers can bypass this by supplying absolute Windows file paths or backslash-based traversal sequences. This causes the path joining function to ignore the intended directory restriction and expose files accessible to the application process.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to read sensitive files on the affected system without any authentication. This could lead to exposure of confidential information, system files, or configuration data that could be used for further attacks or to compromise the system's security.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthenticated remote attackers to read arbitrary files on Windows deployments of the ai-goofish-monitor application by bypassing path traversal protections. This unauthorized file access could potentially expose sensitive or personal data stored on the affected system.

Such unauthorized disclosure of sensitive information may lead to non-compliance with data protection regulations and standards like GDPR or HIPAA, which require strict controls over access to personal and protected health information.

Therefore, if the exposed files contain regulated personal or health data, this vulnerability could result in violations of these compliance requirements due to the lack of authentication and improper access controls.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the vulnerable endpoint with specially crafted requests that exploit the path traversal flaw. Specifically, you can send HTTP GET requests to the /api/prompts/{filename} endpoint using absolute Windows paths or backslash-based traversal sequences to see if arbitrary files are returned.

For example, on a Windows deployment, you can test by requesting sensitive system files such as the hosts file using a command like:

• curl -v http://<target-ip-or-host>/api/prompts/C:\Windows\System32\drivers\etc\hosts

If the response returns the contents of the file with HTTP 200 status without authentication, it indicates the vulnerability is present.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves updating the ai-goofish-monitor application to a version that includes the fix for this vulnerability.

The fix replaces the incomplete denylist path traversal guard with a robust path validation method using Path.resolve() to ensure that resolved file paths remain within the intended prompts directory, preventing absolute path traversal.

Specifically, apply the patch introduced in commit f85d140, which adds a helper function to safely resolve and validate file paths and updates the relevant API endpoint handlers to use this function.

Until the update can be applied, consider restricting access to the /api/prompts/{filename} endpoint via network controls or firewall rules to trusted users only, as the vulnerability allows unauthenticated remote file reads.

Useful 0 Not Useful 0