LobeChat Web-Crawler Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the web-crawler package of LobeChat version 1.136.1. The issue arises in the tools.search.crawlPages tRPC endpoint, where a client can submit an arbitrary array of URLs together with the name of the crawler implementation to use. The 'naive' implementation fetches each URL without validating or restricting access to internal network addresses, such as localhost, private IP ranges, or cloud instance metadata endpoints. This flaw allows an attacker with a valid user token, or in development mode using a bypass header, to make the server retrieve responses from internal HTTP services, potentially exposing sensitive API data or cloud metadata credentials.
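The check that the 'naive' implementation lacks, shown here as an added example (not LobeChat's code, and not necessarily how 1.136.2 fixes it): reject non-HTTP schemes, localhost, and loopback, private and link-local IPv4 ranges, and apply the check to the address a hostname resolves to rather than only to literal IPs. The resolver is injected (a constructed table in the test), and IPv6 literals are simply failed closed.

```typescript
// Added example, not LobeChat code: a pre-fetch allow-check for client-supplied URLs.
// The resolver is injected so the check covers the address actually connected to.
type Resolver = (host: string) => string[];

// IPv4 ranges an outbound crawler must never reach (constructed list; IPv6 is
// not parsed here and is treated as blocked by isBlockedIPv4's fail-closed path).
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, includes the 169.254.169.254 metadata service
  ["172.16.0.0", 12],   // RFC 1918
  ["192.168.0.0", 16],  // RFC 1918
];

function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

function isBlockedIPv4(ip: string): boolean {
  const n = ipv4ToInt(ip);
  if (n === null) return true; // not a dotted quad (e.g. IPv6 literal): fail closed
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base)! & mask) >>> 0);
  });
}

function parseUrl(s: string): URL | null {
  try { return new URL(s); } catch { return null; }
}

function isSafeCrawlTarget(url: string, resolve: Resolver): boolean {
  const u = parseUrl(url);
  if (u === null || (u.protocol !== "http:" && u.protocol !== "https:")) return false;
  const host = u.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return false;
  const literal = /^[\d.]+$/.test(host) || host.includes(":");
  const addrs = literal ? [host] : resolve(host);
  // An empty resolution is a failure, not a pass; every address must be allowed.
  return addrs.length > 0 && addrs.every((a) => !isBlockedIPv4(a));
}
```

The resolved addresses should also be the ones the fetch actually connects to, otherwise a hostname that resolves differently on the second lookup sidesteps the check.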

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal HTTP services, allowing attackers to intercept responses that may contain sensitive data, such as internal API information or cloud metadata credentials. This could result in the leakage of authentication tokens or secret keys, misuse of internal administrative interfaces, and provide a foothold for further lateral movement within the network.

Reproduction

To reproduce this vulnerability, send a POST request to the 'tools.search.crawlPages' tRPC endpoint with an array of URLs that includes internal addresses, such as 'http://localhost:8889/internal-api', and specify the 'naive' implementation. In a development environment, include the 'lobe-auth-dev-backend-api: 1' header to bypass authentication. The server will fetch the internal URL, and the response can be extracted from the tRPC response structure.

Remediation

Update to LobeChat version 1.136.2, where this vulnerability has been fixed.

Added: Oct 17, 2025, 7:17 PM
Updated: Oct 17, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.