Significant Gravitas AutoGPT Server-Side Request Forgery Vulnerability in GitHub Integration and Web Search Blocks

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the AutoGPT platform, specifically within the GitHub Integration and Web Search blocks, in version 'agpt-platform-beta-v0.1.1'. The vulnerability arises because these blocks do not properly validate input URLs, so an untrusted source can control where the block sends its requests. This could lead to the leakage of sensitive credentials, such as GitHub tokens, unauthorized access to internal services or data, and exploitation of internal network resources.

Impact

Exploitation of this vulnerability could result in unauthorized access to internal services, APIs, or data stores, as well as the leakage of sensitive credentials, such as GitHub tokens, which could be misused to access or manipulate GitHub resources.

Reproduction

The vulnerability can be reproduced by using any of the affected GitHub integration blocks or the Web Search block. For the GitHub blocks, supply a URL in the repository field; because the block does not validate that it points to GitHub, the request, with the GitHub credentials in its headers, is sent to whatever host the URL names, including an attacker-controlled one. For the Web Search block, set the 'Raw Content' option and input a URL that points to an internal address, such as 'http://localhost' or 'http://172.17.0.1:9999'. This reaches services running on the host machine and could be used to exfiltrate data to an attacker.
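The two checks these blocks were missing, as an added illustration that is not code from AutoGPT or from its fix: credentials are attached only when the target host is actually GitHub, and raw-content fetches are refused for loopback and private addresses such as the ones named above. The allow-list of GitHub hosts is an assumption for the example.

```python
import ipaddress
from urllib.parse import urlparse

# Assumed allow-list for the GitHub blocks (illustrative, not AutoGPT's own).
GITHUB_HOSTS = {"github.com", "api.github.com"}


def is_github_url(url: str) -> bool:
    """True only for an https URL whose host is exactly a GitHub host.

    urlparse().hostname strips userinfo, so 'https://github.com@evil.example/'
    yields 'evil.example' and is rejected; so is 'api.github.com.evil.example'.
    """
    p = urlparse(url)
    return p.scheme == "https" and p.hostname in GITHUB_HOSTS and p.port in (None, 443)


def github_request_headers(url: str, token: str) -> dict:
    """Build the auth header, refusing to send the token to a non-GitHub host."""
    if not is_github_url(url):
        raise ValueError("refusing to send GitHub credentials to a non-GitHub host")
    return {"Authorization": f"Bearer {token}"}


def is_public_http_url(url: str) -> bool:
    """Reject loopback, private, link-local and other non-global literal addresses.

    Hostnames are accepted here; a real fetcher must resolve them and apply the
    same check to every resolved address (and connect to that address) so that
    a name pointing at 127.0.0.1 or 172.17.0.1 cannot bypass the check.
    """
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    host = p.hostname
    if host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname, see the docstring
    return ip.is_global  # False for 127.0.0.1, 172.17.0.1, 169.254.x.x, ::1, ...
```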

Remediation

The vulnerability has been fixed in version 'agpt-platform-beta-v0.2.1'. Users should update to this version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.