CVE-2024-24566
Published 2024-01-31
Priority: P428 · Severity: medium, CVSS 3.1 base score 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.48% (37.9th percentile)
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lobehub | chat | >= 0 < 0.122.4 | 0.122.4 |
| lobehub | lobe-chat | < 0.122.4 | 0.122.4 |
| lobehub | lobe_chat | < 0.122.4 | 0.122.4 |
GHSA
@lobehub/chat vulnerable to unauthorized access to plugins
ghsa·2024-01-31
CVE-2024-24566 [MEDIUM] CWE-284 @lobehub/chat vulnerable to unauthorized access to plugins
### Description:
When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password).
### Proof-of-Concept:
Suppose the application has been deployed with the following command:
```sh
sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat
```
Because `ACCESS_CODE` is set, the chat UI can only be used after entering the password.
However, it is possible to interact with chat plugins without entering the `ACCESS_CODE`.
Example HTTP request (truncated):
```
POST /api/plugin/gateway HTTP/1.1
Host: localhost:3210
Content-Length: 1276

{"apiName":"checkWeatherUsi
```
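The following checker is an added example for this page, not Lobe Chat's own code and not part of the advisory. It sends the proof-of-concept's credential-less `POST /api/plugin/gateway` request to a deployment and classifies the reply from the status code alone: a 2xx means the gateway processed a plugin call with no access code, a 401/403 means it refused. So that it runs offline it also ships a mock gateway that imitates a pre-0.122.4 deployment (forwards regardless of auth) and a patched one (rejects when no credential header is present). The probe body, the mock's response bodies, the header it looks for and the 401 it answers with are assumptions; the checker deliberately sends no credential of any kind, so it does not depend on how the real application transports the access code.

```python
"""
Added example (not Lobe Chat's own code): probe /api/plugin/gateway without any
credentials and report whether the gateway answered without demanding the
access code. Includes a mock gateway so the script runs offline.
"""
import json
import sys
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

GATEWAY_PATH = "/api/plugin/gateway"
# Constructed probe payload; only the "apiName" key is taken from the PoC.
PROBE_BODY = {"apiName": "probe", "arguments": "{}"}


def probe_plugin_gateway(base_url: str, timeout: float = 5.0) -> tuple[int, str]:
    """POST to the plugin gateway with no credentials and classify the reply.
    Returns (http_status, verdict) where verdict is one of:
      'vulnerable' - gateway processed the call (2xx) without any auth
      'protected'  - gateway refused it (401/403)
      'unknown'    - anything else; inspect the response body by hand
    """
    req = request.Request(
        base_url.rstrip("/") + GATEWAY_PATH,
        data=json.dumps(PROBE_BODY).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
    except error.HTTPError as exc:
        status = exc.code
    if 200 <= status < 300:
        return status, "vulnerable"
    if status in (401, 403):
        return status, "protected"
    return status, "unknown"


class MockGateway(BaseHTTPRequestHandler):
    """Constructed stand-in for the gateway route (assumed behaviour, not
    Lobe Chat's code). `patched` is set per server instance in start_mock()."""
    patched = False

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path != GATEWAY_PATH:
            self.send_error(404)
            return
        # Patched behaviour (assumed): reject when no credential header is sent.
        if self.patched and "Authorization" not in self.headers:
            self.send_response(401)
            self.send_header("Content-Type", "application/json")
            self.end_headers()
            self.wfile.write(b'{"error":"access code required"}')
            return
        # Vulnerable behaviour: forward the plugin call regardless of auth.
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(b'{"forwarded":' + body + b"}")

    def log_message(self, *args):  # keep demo output quiet
        pass


def start_mock(patched: bool) -> tuple[HTTPServer, str]:
    """Start a mock gateway on a free loopback port; returns (server, base_url)."""
    handler = type("Gateway", (MockGateway,), {"patched": patched})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def demo() -> dict[str, str]:
    """Run the checker against both mock modes; returns {mode: verdict}."""
    results = {}
    for mode, patched in (("pre-0.122.4", False), ("patched", True)):
        server, url = start_mock(patched)
        try:
            results[mode] = probe_plugin_gateway(url)[1]
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check_gateway.py http://localhost:3210
        print(probe_plugin_gateway(sys.argv[1]))
    else:
        print(demo())
```

Run it with the base URL of a deployment you administer to test that deployment, or with no arguments to see both mock outcomes. A result of `unknown` (for example a 404 or 500) still means the request got past authentication, so treat it as a prompt to look at the body rather than as a clean bill of health.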
OSV
@lobehub/chat vulnerable to unauthorized access to plugins
osv·2024-01-31
CVE-2024-24566 [MEDIUM] @lobehub/chat vulnerable to unauthorized access to plugins
(Same description and proof-of-concept as the GHSA entry above.)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37
https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd