LangChain-ChatGLM-Webui Insecure Permissions Vulnerability Allowing Arbitrary File Access
Vulnerability
LangChain-ChatGLM-Webui, at commit ef829, has an insecure-permissions vulnerability that allows attackers to view and download sensitive files. A crafted request that manipulates the URL path can reach files within the agent directory, such as config.py. The root cause is inadequate file access control in the knowledge base download functionality.
Impact
Exploitation of this vulnerability leads to unauthorized access and download of sensitive files from the agent directory.
Reproduction
To reproduce this vulnerability, upload a file to the knowledge base using the LangChain-ChatGLM-Webui interface. After the file is uploaded, modify the download request's URL to include relative paths to files in the agent directory, such as config.py. The application then accesses the specified file and returns it for download without authorization.
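The missing control, as an added example that is not code from LangChain-ChatGLM-Webui: a download handler should resolve the requested name and serve it only if the result still lies inside the knowledge base directory. The function name `resolve_download` and the directory layout (`knowledge_base/` beside `agent/`) are assumptions constructed for the demonstration.

```python
import os
import tempfile


class PathOutsideBase(Exception):
    """Raised when a requested file resolves outside the allowed directory."""


def resolve_download(base_dir: str, requested: str) -> str:
    """Return the real path of `requested` only if it is a file inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks; an absolute
    # `requested` replaces base in join(), which the containment check catches.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so "/srv/kb_old" is not inside "/srv/kb".
    if os.path.commonpath([base, target]) != base:
        raise PathOutsideBase(requested)
    if not os.path.isfile(target):
        raise FileNotFoundError(requested)
    return target


def demo() -> dict:
    """Build a constructed layout (agent/config.py beside knowledge_base/) and probe it."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        kb = os.path.join(root, "knowledge_base")
        agent = os.path.join(root, "agent")
        os.makedirs(kb)
        os.makedirs(agent)
        with open(os.path.join(kb, "notes.txt"), "w") as f:
            f.write("uploaded document")
        with open(os.path.join(agent, "config.py"), "w") as f:
            f.write("SECRET = 'constructed'")
        probes = {  # constructed request values, keyed by label
            "upload": "notes.txt",
            "normalized": "./sub/../notes.txt",
            "relative": "../agent/config.py",
            "absolute": os.path.join(agent, "config.py"),
        }
        for label, name in probes.items():
            try:
                resolve_download(kb, name)
                results[label] = "served"
            except PathOutsideBase:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{outcome:9} {label}")
```

Path containment only confines requests to the knowledge base directory; the download endpoint still needs its own authorization check on who may fetch which file.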
