Ai2 Playground Web Service Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the chat feature of the Ai2 Playground web service, through June 3, 2025. It enables attackers to access sensitive information by enumerating thread keys in the URL, thereby gaining unauthorized access to other users' conversation histories. The chat histories are stored on the server without proper ownership distinction, which allows brute-force access to private conversations.

Impact

Exploitation of this vulnerability allows for unauthorized access to other users' chat histories, including private conversations that have not been publicly shared.

Reproduction

To reproduce this vulnerability, access the Ai2 Playground web service and initiate a chat with the LLM. Conversation histories are stored on the server and can be accessed by brute-forcing the message IDs, which follow a predictable format. The IDs can be manipulated in the URL to retrieve other users' conversation threads.
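The control this advisory describes as missing, sketched as an added example (not Ai2's code and not part of the original advisory): each thread records its owner, every access is authorized against that owner, and thread keys are random rather than predictable. All class and method names are hypothetical, and `requester_id` is assumed to come from an authenticated server-side session, never from the request URL or body.

```python
import secrets
from dataclasses import dataclass, field


class ThreadNotFound(Exception):
    """Raised for missing AND unauthorized threads, so replies give no existence oracle."""


@dataclass
class Thread:
    owner_id: str
    messages: list = field(default_factory=list)
    shared: bool = False  # set only when the owner explicitly publishes the thread


class ThreadStore:
    """Hypothetical in-memory store; requester_id is assumed to come from the session."""

    def __init__(self):
        self._threads = {}

    def create(self, owner_id):
        # 128 bits from the OS CSPRNG, so keys cannot be predicted or enumerated.
        thread_id = secrets.token_urlsafe(16)
        self._threads[thread_id] = Thread(owner_id=owner_id)
        return thread_id

    def _owned(self, requester_id, thread_id):
        thread = self._threads.get(thread_id)
        if thread is None or thread.owner_id != requester_id:
            raise ThreadNotFound(thread_id)
        return thread

    def append(self, requester_id, thread_id, text):
        self._owned(requester_id, thread_id).messages.append(text)

    def share(self, requester_id, thread_id):
        self._owned(requester_id, thread_id).shared = True

    def read(self, requester_id, thread_id):
        thread = self._threads.get(thread_id)
        # The ownership check is the control; the random key is only defense in depth.
        if thread is None or not (thread.shared or thread.owner_id == requester_id):
            raise ThreadNotFound(thread_id)
        return list(thread.messages)
```

A handler built on this would map `ThreadNotFound` to a single 404 response for both cases, so a caller cannot distinguish a private thread from a nonexistent one.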

Added: Jul 22, 2025, 3:21 PM
Updated: Jul 22, 2025, 4:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.