Tencent WeKnora Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Tencent WeKnora version 0.1.0. The issue arises in the `testEmbeddingModel` function within the `/api/v1/initialization/embedding/test` endpoint. This vulnerability allows remote attackers to manipulate the `baseUrl` parameter, enabling them to make unauthorized HTTP requests to internal network services.

Impact

Exploitation of this vulnerability lets an attacker make the server issue HTTP requests to internal services on its behalf, potentially leading to unauthorized access to those services or information disclosure.

Reproduction

To reproduce this vulnerability, send a POST request to the `/api/v1/initialization/embedding/test` endpoint. Include the `source` parameter set to `remote`, the `modelName` parameter with a valid model name, and manipulate the `baseUrl` parameter to point to an internal IP address or service. The absence of authentication and input validation on this endpoint facilitates the exploitation of the SSRF vulnerability.
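As an added illustration (not code from WeKnora or from the vendor's fix), the kind of input validation whose absence is described above, written in Go, the language of the WeKnora backend: a check that rejects a user-supplied `baseUrl` unless it is an http(s) URL whose host resolves only to publicly routable addresses. The `Resolver` type and the `ValidateBaseURL` and `isInternal` names are assumptions made for this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver is injected so the check can run offline with a stub; production
// code would pass net.DefaultResolver.LookupIPAddr.
type Resolver func(ctx context.Context, host string) ([]net.IPAddr, error)

// isInternal reports whether an address is one a user-supplied baseUrl must
// never make the server contact (loopback, RFC 1918/ULA, link-local
// including the 169.254.169.254 metadata range, unspecified, multicast).
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// ValidateBaseURL fails closed: any parse, scheme, or resolution problem,
// or any resolved address that is internal, rejects the URL.
func ValidateBaseURL(ctx context.Context, raw string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid url: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return errors.New("scheme must be http or https")
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("missing host")
	}
	var ips []net.IPAddr
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IPAddr{{IP: ip}} // literal address: no DNS lookup needed
	} else if ips, err = resolve(ctx, host); err != nil || len(ips) == 0 {
		return fmt.Errorf("cannot resolve %q", host)
	}
	for _, a := range ips { // every A/AAAA record must be public
		if isInternal(a.IP) {
			return fmt.Errorf("host %q resolves to non-public address %s", host, a.IP)
		}
	}
	return nil
}
```

Checking at validation time alone still leaves a DNS rebinding window between the check and the connect; a production fix should also pin the checked address in the HTTP client's dialer.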

Remediation

Users are advised to upgrade to the latest version of Tencent WeKnora, as the vendor has confirmed that this issue does not exist in the latest releases.

Added: Sep 26, 2025, 9:17 PM
Updated: Sep 26, 2025, 9:17 PM