CVE-2026-54033
Status: Undergoing Analysis - In Progress
SSRF via Unrestricted BaseURL in LibreChat

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation: no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1.
Meta Information
  • Published: 2026-06-25
  • Last Modified: 2026-06-25
  • Generated: 2026-06-26
  • AI Q&A: 2026-06-25
  • EPSS Evaluated: N/A
  • External references: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)

Vendor        Product     Version / Range
librechat     librechat   all versions before 0.8.4-rc1 (0.8.4-rc1 excluded)
danny_avila   librechat   all versions before 0.8.4-rc1 (0.8.4-rc1 excluded)
Exploitability

CWE-918 (Server-Side Request Forgery): The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI-Generated Analysis
Executive Summary

This vulnerability exists in LibreChat versions prior to 0.8.4-rc1, where users can configure custom OpenAI-compatible API endpoints by setting a baseURL. The application uses this baseURL to construct HTTP requests without performing any Server-Side Request Forgery (SSRF) validation. Specifically, there are no checks for private IP addresses, no restrictions on the URL scheme, and no DNS pinning. As a result, an authenticated user can set the baseURL to internal network addresses, potentially allowing unauthorized access to internal resources.

Impact Analysis

An authenticated user can make the LibreChat server issue HTTP requests to any address the user chooses, including loopback, the RFC 1918 ranges and the cloud-provider metadata endpoint (169.254.169.254), none of which are reachable from the attacker's own network position. How much is disclosed depends on how much of the upstream response or the resulting error is reflected back into the chat client; even a blind SSRF lets the attacker map which internal hosts and ports answer. The reported CVSS base score of 7.7 with high confidentiality impact (C:H) reflects this: the primary risk is disclosure of internal data and credentials, with a valid account as the only precondition.

Compliance Impact

The vulnerability allows an authenticated attacker to perform Server-Side Request Forgery (SSRF) to internal network addresses, potentially leading to unauthorized access to cloud metadata, internal services, and credentials.

Such unauthorized access and potential data breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

The advisory itself does not discuss compliance or regulatory consequences; the points above follow from the vulnerability class, not from anything stated in the record.

Detection Guidance

This vulnerability is detected primarily at the configuration layer: enumerate the custom OpenAI-compatible endpoints users have configured in LibreChat and examine every stored baseURL. Before 0.8.4-rc1 nothing validated these values when they were saved, so whatever a user entered is stored as-is.

A plain string match on baseURL is a starting point, not a conclusion. A private address can be written in decimal or hexadecimal form (2130706433, 0x7f000001), as an IPv4-mapped IPv6 literal (::ffff:10.0.0.1), or hidden behind a hostname the attacker controls that resolves to an internal address. Resolve each hostname and classify every returned address rather than grepping for dotted quads.

At the network level, watch outbound connections from the LibreChat process to internal ranges and to the metadata address. Baseline first: LibreChat legitimately talks to its own backing services (database, search index, RAG service) on internal addresses, so alert on destinations outside that known set rather than on any internal traffic.

  • Check the LibreChat configuration and database for baseURL values that are not https, that use a literal or encoded IP address, or that resolve to private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8) or link-local space (169.254.0.0/16, which includes the metadata endpoint 169.254.169.254).
  • Capture the server's outbound traffic with tcpdump or Wireshark and filter for connections to those ranges. Do not restrict the capture to port 80: the server connects to whatever port the attacker put in the baseURL, and HTTPS endpoints are the common case.
  • Example tcpdump command, quoted and parenthesised because in BPF "and" binds tighter than "or" (without the parentheses the tcp qualifier applies only to the first range): sudo tcpdump -i any -nn 'tcp and (dst net 10.0.0.0/8 or dst net 172.16.0.0/12 or dst net 192.168.0.0/16 or dst host 169.254.169.254)'
  • On a test instance, confirm the fix by configuring a custom endpoint whose baseURL points at a private address you control and checking whether the request is rejected (0.8.4-rc1 or later) or actually arrives at the listener (earlier versions).
Mitigation Strategies

Upgrade LibreChat to version 0.8.4-rc1 or later, where the issue is fixed. Audit baseURL values that were saved before the upgrade, since those records were never checked.

If custom OpenAI-compatible endpoints must remain user-configurable, do not accept arbitrary baseURL values. Restrict the scheme to https, resolve the hostname and reject any answer in private, loopback or link-local space, and pin the connection to the validated address so that a second lookup at request time cannot return something different. Validate redirect targets the same way, since a public host can redirect the server to an internal one. Add egress controls as defense in depth: run the LibreChat container on a network that cannot reach the metadata service or internal management interfaces, or route its outbound traffic through a proxy with an allowlist of upstream providers.
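The three checks the description says were missing (scheme restriction, private-address check, DNS pinning) and the stored-baseURL scan suggested under Detection Guidance, as an added example in Node.js. This is not LibreChat's code: the function names, the record layout, the stub resolver and all sample addresses are assumptions constructed for the example, and the resolver is injected so the block runs offline.

```javascript
// Added example, not LibreChat's code: validate a user-supplied baseURL (scheme allowlist,
// blocked-address check on every resolved address, pinning) and reuse the same check to
// scan stored records. `resolve` is injected so this runs offline; production code would
// wrap dns.lookup(host, { all: true }).

// Address space a server-side request must never reach: "this network", RFC 1918,
// CGNAT, loopback, link-local (cloud metadata is 169.254.169.254), multicast and up.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];

const v4ToInt = (ip) => ip.split('.').reduce((n, o) => ((n << 8) + Number(o)) >>> 0, 0);

// 4, 6 or 0 (not an IP literal; hostnames go to the resolver instead).
function ipFamily(host) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return host.split('.').every((o) => Number(o) < 256) ? 4 : 0;
  return /^[0-9a-f:.]+$/i.test(host) && host.includes(':') ? 6 : 0;
}

function isBlockedV4(ip) {
  const n = v4ToInt(ip);
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
  });
}

// Expand an IPv6 literal to eight 16-bit groups; handles "::" and a dotted-quad tail.
function v6Groups(ip) {
  const [head, tail = ''] = ip.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const end = t.length ? t : h;
  if (end.length && end[end.length - 1].includes('.')) {
    const n = v4ToInt(end.pop());
    end.push((n >>> 16).toString(16), (n & 0xffff).toString(16));
  }
  const fill = ip.includes('::') ? 8 - h.length - t.length : 0;
  if (fill < 0 || h.length + t.length + fill !== 8) return null;
  return [...h, ...Array(fill).fill('0'), ...t].map((g) => parseInt(g, 16));
}

function isBlockedV6(ip) {
  const g = v6Groups(ip);
  if (!g || g.some(Number.isNaN)) return true;                  // unparseable: fail closed
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {  // ::ffff:a.b.c.d -> IPv4 rules
    return isBlockedV4(`${g[6] >> 8}.${g[6] & 0xff}.${g[7] >> 8}.${g[7] & 0xff}`);
  }
  return (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1)     // :: and ::1
    || (g[0] & 0xffc0) === 0xfe80                                // fe80::/10 link-local
    || (g[0] & 0xfe00) === 0xfc00                                // fc00::/7 unique-local
    || (g[0] & 0xff00) === 0xff00;                               // ff00::/8 multicast
}

function isBlockedIp(ip) {
  const fam = ipFamily(ip);
  return fam === 4 ? isBlockedV4(ip) : fam === 6 ? isBlockedV6(ip) : true; // not an IP: fail closed
}

// Returns { ok: true, pinnedAddress, hostname, port } or { ok: false, reason }.
function validateBaseUrl(raw, resolve) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'https:') return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username || url.password) return { ok: false, reason: 'credentials embedded in URL' };
  // WHATWG parsing has already canonicalised 0x7f.0.0.1 and 2130706433 to 127.0.0.1;
  // IPv6 literals keep their brackets in .hostname, so strip them.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const addrs = ipFamily(host) ? [host] : resolve(host);
  if (!addrs.length) return { ok: false, reason: `${host} did not resolve` };
  const bad = addrs.find(isBlockedIp);     // one private answer among public ones is enough to reject
  if (bad) return { ok: false, reason: `${host} -> ${bad} is a blocked address` };
  // Pin: the HTTP client must connect to pinnedAddress and send `hostname` as SNI/Host,
  // so a second lookup at request time cannot be answered differently (DNS rebinding).
  return { ok: true, pinnedAddress: addrs[0], hostname: host, port: url.port || '443' };
}

// Detection: run the same check over stored endpoint records and return the offenders.
function scanStoredBaseUrls(records, resolve) {
  return records
    .map((r) => ({ ...r, verdict: validateBaseUrl(r.baseURL, resolve) }))
    .filter((r) => !r.verdict.ok);
}

// Constructed sample data standing in for a dump of user-configured custom endpoints.
const SAMPLE_RECORDS = [
  { user: 'alice', baseURL: 'https://api.openai.com/v1' },
  { user: 'bob', baseURL: 'http://169.254.169.254/latest/meta-data/' },  // metadata endpoint, plain http
  { user: 'carol', baseURL: 'https://0x7f.0.0.1/v1' },                    // hex-obfuscated loopback
  { user: 'dave', baseURL: 'https://llm.corp.example/v1' },                // harmless-looking name, private answer
];
// Constructed resolver answers (203.0.113.0/24 is TEST-NET-3, standing in for a public address).
const STUB_RESOLVER = (name) => ({
  'api.openai.com': ['203.0.113.10'],
  'llm.corp.example': ['10.0.0.5'],
}[name] || []);
```

Running `scanStoredBaseUrls(SAMPLE_RECORDS, STUB_RESOLVER)` flags bob, carol and dave and leaves alice. The string check alone would have passed carol and dave; the hex literal is only caught because the URL parser canonicalises it, and the internal hostname only because every resolved address is classified. Validation without pinning still leaves a time-of-check/time-of-use window, so the HTTP client must actually connect to `pinnedAddress` (for example through a custom `lookup` on the agent) and re-run the same validation on any redirect target.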
