Executive Summary

This vulnerability affects LibreChat versions up to and including 0.8.3. Users who have only VIEW access to an MCP server can retrieve decrypted admin-managed secrets by using specific API endpoints (`GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`). The responses include plaintext sensitive information such as `apiKey.key` and `oauth.client_secret`. This means that viewers of a shared MCP server can exfiltrate the underlying provider credentials without needing higher privileges.

The issue is patched in version 0.8.4, and recommended remediations include not returning decrypted secrets to non-owners, redacting sensitive fields from API responses, returning only boolean indicators for secret presence, or using placeholders instead of plaintext secrets.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive credentials such as API keys and OAuth client secrets. An attacker with VIEW access can exfiltrate these secrets, potentially allowing them to impersonate the server or access connected AI providers, leading to unauthorized actions or data exposure.

Since the vulnerability allows access to confidential credentials without elevated privileges, it increases the risk of credential theft and misuse, which can compromise the security and integrity of the affected systems.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading LibreChat to version 0.8.4 or later, which contains a patch for this vulnerability.

• Never return decrypted admin-managed secrets to non-owners.
• Redact apiKey.key and oauth.client_secret from all API responses.
• Consider returning only boolean presence indicators for secrets, similar to the auth-values route pattern.
• If owners need to edit configs without re-entering secrets, preserve secrets server-side and return placeholders instead of plaintext.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows users with only VIEW access to retrieve decrypted admin-managed secrets, including plaintext API keys and OAuth client secrets. Such unauthorized exposure of sensitive credentials can lead to data breaches or unauthorized access to protected systems.

Exposure of sensitive credentials may violate common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and proper access controls to prevent unauthorized disclosure.

Therefore, this vulnerability could negatively impact compliance by enabling unauthorized access to sensitive information, potentially leading to regulatory violations and associated penalties.

Useful 0 Not Useful 0