Zylon PrivateGPT CORS Misconfiguration Vulnerability Allowing Cross-Domain Data Access
Vulnerability
A vulnerability exists in Zylon PrivateGPT versions through 0.6.2, where the CORS settings in the 'settings.yaml' file are improperly configured to allow all origins. This permissive policy enables any external domain to interact with the application, potentially leading to the unauthorized extraction of sensitive user data, such as credentials and private documents. The vulnerability can be exploited remotely and affects all deployment environments, including internal networks.
Impact
Exploitation of this vulnerability could result in the unauthorized access and leakage of sensitive user data, including credentials and private documents, from PrivateGPT.
Reproduction
To reproduce this vulnerability, upload sensitive documents or credentials to PrivateGPT. Then, host a malicious script that exploits the CORS misconfiguration by interacting with PrivateGPT's API. This can be done by modifying the 'Origin' request header to bypass the same-origin policy, allowing the extraction of sensitive information from the application.
Remediation
Users are advised to update to a version of PrivateGPT that addresses this CORS misconfiguration. Additionally, implement secure deployment practices that include strict network segmentation and access controls.
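The following audit check is an added example, not code from PrivateGPT or from this advisory: it flags a permissive CORS block in an already-parsed 'settings.yaml' mapping. The `server.cors` key layout, the probe hostnames and both sample configurations are assumptions constructed for illustration.

```python
import re

# Probe origins a safe policy must reject (constructed, hypothetical hostnames).
PROBE_ORIGINS = ["https://untrusted.example", "http://localhost.untrusted.example", "null"]


def audit_cors(settings: dict) -> list[str]:
    """Return findings for the CORS block of a parsed settings mapping.

    Assumed layout: settings["server"]["cors"] with keys enabled,
    allow_origins, allow_origin_regex and allow_credentials.
    """
    cors = (settings.get("server") or {}).get("cors") or {}
    if not cors.get("enabled", False):
        return []  # no CORS headers sent: browsers keep the same-origin default
    findings = []
    origins = cors.get("allow_origins") or []
    if isinstance(origins, str):
        origins = [origins]
    if "*" in origins:
        findings.append("allow_origins contains '*': every origin may read responses")
    for origin in origins:
        # Anything other than an exact scheme://host[:port] is treated as suspect.
        if origin != "*" and not re.fullmatch(r"https?://[^/*\s]+", origin):
            findings.append(f"allow_origins entry {origin!r} is not an exact origin")
    pattern = cors.get("allow_origin_regex")
    if pattern:
        matched = [o for o in PROBE_ORIGINS if re.fullmatch(pattern, o)]
        if matched:
            findings.append(f"allow_origin_regex matches untrusted origins: {matched}")
    if cors.get("allow_credentials") and findings:
        findings.append("allow_credentials is true alongside a permissive origin policy")
    return findings


# Constructed sample inputs, shaped like the result of yaml.safe_load on the file.
PERMISSIVE = {"server": {"cors": {"enabled": True, "allow_origins": ["*"],
                                  "allow_methods": ["*"], "allow_headers": ["*"]}}}
RESTRICTED = {"server": {"cors": {"enabled": True, "allow_credentials": False,
                                  "allow_origins": ["https://docs.internal.example"],
                                  "allow_methods": ["GET", "POST"]}}}

if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, audit_cors(cfg) or "no findings")
```

Running the check in CI or at deployment time against the effective configuration catches a wildcard policy reintroduced by an override file.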
