modelscope AgentScope Studio Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the AgentScope Studio backend server, part of the modelscope/agentscope project. This issue arises from overly permissive Cross-Origin Resource Sharing (CORS) headers, which allow attackers to access all backend endpoints, including the sensitive 'api/file' endpoint. Exploiting this vulnerability could enable the reading of arbitrary files from the target's local file system via CSRF.

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery on all AgentScope Studio backend endpoints. This includes the potential for local file inclusion, as well as the ability to make API calls that could delete servers added to the application, severely disrupting its functionality.

Reproduction

To reproduce this vulnerability, install AgentScope by cloning the repository and running 'pip install -e .'. Then, start AgentScope Studio by executing 'as_studio'. After the application is running, host a payload on a malicious website that sends a request to the 'api/file' endpoint, targeting a specific file on the local file system. When the hosted payload is accessed, it will trigger the CSRF vulnerability by reading the targeted file and sending its contents to an attacker-controlled server.