LibreChat Server-Side Request Forgery Vulnerability in Actions Feature

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in LibreChat versions prior to 0.8.1-rc2. The issue arises in the 'Actions' feature, where authenticated users can submit specially crafted OpenAPI specifications. The server fails to properly validate the domains of URLs specified in these OpenAPI specs, allowing users to access internal URLs only reachable by the LibreChat server, such as cloud metadata services. Exploiting this vulnerability could lead to unauthorized access to sensitive information, including local configuration and credentials from cloud services.

Impact

Exploitation of this vulnerability allows authenticated users to use the LibreChat server as a proxy to access arbitrary URLs. This could bypass firewall restrictions, access internal networks, and retrieve sensitive data from cloud metadata services, potentially leading to impersonation of the server.

Reproduction

To reproduce this vulnerability, an authenticated user creates an action in LibreChat by submitting an OpenAPI specification whose 'servers' list contains a URL of the user's choosing. The server validates only the separate 'domain' field, not the URL itself, so a server URL pointing at an internal host is accepted and the user can reach internal services through the LibreChat server.
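The check the advisory describes as missing, written as an added defensive example (this is not LibreChat's own code; the function names and the declared-domain parameter are assumptions): every URL in the spec's 'servers' list must use http(s), must match the declared domain exactly, and must not be a loopback, private or link-local address literal.

```javascript
// Added example, not LibreChat code: validate the 'servers' URLs of a submitted
// OpenAPI spec against the declared domain and reject internal targets.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// True for loopback, private (RFC 1918), "this network" and link-local IPv4
// literals; 169.254.0.0/16 is where cloud metadata services usually live.
function isInternalIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 0 || a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// Takes a hostname as returned by the WHATWG URL parser (IPv6 in brackets).
function isInternalHost(hostname) {
  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return isInternalIPv4(host);
  if (host.includes(':')) {
    // IPv6: loopback, unspecified, link-local, unique-local, and any
    // IPv4-mapped form (rejected outright rather than unwrapped).
    return host === '::1' || host === '::' || /^fe80:/.test(host) ||
      /^f[cd]/.test(host) || host.startsWith('::ffff:');
  }
  return false;
}

// Returns a list of problems for the spec's servers; an empty list means OK.
function validateActionServers(spec, declaredDomain) {
  const problems = [];
  const servers = Array.isArray(spec.servers) ? spec.servers : [];
  if (servers.length === 0) problems.push('no servers declared');
  for (const { url } of servers) {
    let parsed;
    try { parsed = new URL(url); } catch { problems.push(`unparseable url: ${url}`); continue; }
    if (!ALLOWED_SCHEMES.has(parsed.protocol)) problems.push(`disallowed scheme: ${url}`);
    if (parsed.hostname !== declaredDomain.toLowerCase()) problems.push(`host does not match declared domain: ${url}`);
    if (isInternalHost(parsed.hostname)) problems.push(`internal address: ${url}`);
  }
  return problems;
}
```

A hostname check alone does not cover a public name that resolves to an internal address, so the resolved IP should be checked again at the moment the outbound request is made.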

Remediation

Users are advised to update LibreChat to version 0.8.1-rc2 or later, where this vulnerability has been patched.

Added: Nov 29, 2025, 2:17 AM
Updated: Nov 29, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm scores:

spread: 1.4
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.