AutoGPT SSRF Vulnerability in RSSFeedBlock

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in AutoGPT versions prior to autogpt-platform-beta-v0.6.34. The issue arises in the RSSFeedBlock, where urllib.request.urlopen is called on user-provided URLs without proper validation. Because the URL is not filtered, an attacker can make the server send requests to internal services, potentially leading to unauthorized access or information disclosure.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate the application to make requests on its behalf. This could be used to access internal resources or services that are not normally exposed to the outside world.

Reproduction

To reproduce this vulnerability, input a URL into the RSSFeedBlock that points to a local service, such as http://127.0.0.1:4321. The application will send a request to the specified URL without proper validation, allowing access to the local service.

Remediation

Update to AutoGPT version autogpt-platform-beta-v0.6.34 or later, which patches this vulnerability.
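The class of fix this advisory calls for is a check on the user-supplied URL before it reaches urllib.request.urlopen. The following is an added example written for this page, not AutoGPT's own patch: it rejects non-HTTP schemes, credentials in the authority, and any hostname that resolves to a loopback, private, link-local or otherwise non-public address (the feed URL, the resolver hook and the addresses in the comments are constructed for illustration).

```python
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (not AutoGPT's fix): validate a feed URL before urlopen().
ALLOWED_SCHEMES = {"http", "https"}


def _is_public_address(ip: str) -> bool:
    """True only if `ip` is a routable public address (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so the IPv4 rules apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def _default_resolver(host: str) -> list[str]:
    """Return every address `host` resolves to; IP literals pass through as-is."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass  # not a literal, fall through to DNS
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_safe_feed_url(url: str, resolver=_default_resolver) -> bool:
    """Return True only if `url` may be fetched by the server.

    `resolver` is injectable so tests can supply fixed answers offline.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False  # user:pass@host forms are a common way to confuse checks
    try:
        addresses = resolver(parts.hostname)
    except (socket.gaierror, UnicodeError):
        return False
    # Every answer must be public: one internal record in the set is enough to fail.
    return bool(addresses) and all(_is_public_address(a) for a in addresses)
```

urlopen follows redirects by default, so the redirect target needs the same check (or redirects must be disabled), and the validated addresses should be the ones actually connected to, otherwise a second DNS lookup at connect time can return a different answer.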

Added: Feb 4, 2026, 11:32 PM
Updated: Feb 4, 2026, 11:32 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 0.6
exploitability: 5.5
remediation: 7.7
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.