mintplex-labs/anything-llm
cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*
- 5c40419
A vulnerability exists in the Mintplex Labs Anything-LLM repository, specifically in commit 5c40419. It allows low-privilege users to access the sensitive API endpoint '/api/system/custom-models'. Through this endpoint they can modify a model's API key and base path, potentially leading to API key leakage and a denial of service for chat functionality.
Exploitation of this vulnerability could result in unauthorized modification of API keys, allowing access to sensitive LLM functionalities, and causing disruptions in chat services by invalidating API keys needed for LLM interactions.
To reproduce this vulnerability, enable multi-user mode on the server and create a low-privilege user. This user can access the '/api/system/custom-models' endpoint to change the API key of a model, disrupting LLM functionalities for all users. Additionally, the same endpoint can be used to redirect requests to a server controlled by the attacker, allowing interception of sensitive API keys.
Users can update to version 1.3.1 or later, where this vulnerability has been fixed.
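The missing check described above, as an added example (not code from AnythingLLM or from its fix): an Express-style role guard in front of a stand-in for the '/api/system/custom-models' handler, plus a base-path allowlist so a key is never sent to an arbitrary host. The role names, `requireRole`, `basePathAllowed`, `customModelsHandler`, `simulate` and the allowlisted host are assumptions made for illustration.

```javascript
// Added example: all names are hypothetical, not AnythingLLM's own code.
const ROLES = { admin: "admin", default: "default" }; // assumed role names
const ALLOWED_BASE_HOSTS = new Set(["api.openai.com"]); // constructed allowlist

// Fail closed: a missing user or a role outside `allowed` gets 403.
function requireRole(allowed) {
  return (req, res, next) => {
    const role = req.user ? req.user.role : null;
    if (!allowed.includes(role)) return res.status(403).json({ error: "forbidden" });
    return next();
  };
}

// Defence in depth: a key is only ever sent to an HTTPS host on the allowlist.
function basePathAllowed(basePath) {
  if (basePath == null) return true; // keep the provider's default endpoint
  try {
    const url = new URL(basePath);
    return url.protocol === "https:" && ALLOWED_BASE_HOSTS.has(url.hostname);
  } catch {
    return false; // not a parseable absolute URL
  }
}

// Stand-in for the settings handler behind /api/system/custom-models.
function customModelsHandler(req, res) {
  if (!basePathAllowed(req.body.basePath)) {
    return res.status(400).json({ error: "basePath not allowed" });
  }
  return res.status(200).json({ updated: true });
}

// Offline harness: runs guard then handler and returns the HTTP status.
function simulate(user, body) {
  const res = { code: null, status(c) { this.code = c; return this; }, json() { return this; } };
  const req = { user, body };
  requireRole([ROLES.admin])(req, res, () => customModelsHandler(req, res));
  return res.code;
}

// Constructed request body; the key is a placeholder value.
const sampleBody = { apiKey: "sk-constructed", basePath: "https://api.openai.com/v1" };
console.log(simulate({ role: ROLES.default }, sampleBody)); // 403
console.log(simulate({ role: ROLES.admin }, sampleBody)); // 200
```

In a real Express application the guard would be registered on the route ahead of the handler, after whatever middleware authenticates the session and populates `req.user`.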