LibreChat Insufficient JSON Validation in Prompt Group PATCH Endpoint Vulnerability

Vulnerability

A vulnerability exists in LibreChat versions 0.8.0 and prior that allows users to manipulate prompt ownership details through the PATCH endpoint for prompt groups. The issue arises from inadequate server-side validation of JSON request bodies: the endpoint accepts ownership attributes that the front-end interface never exposes for editing, so a client that sends the request directly can set them. Exploiting this flaw could disrupt a user's ability to manage their prompts or, conversely, grant access to prompts belonging to other users.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in prompt ownership, allowing users to alter the author name and ID of prompts. This could disrupt the normal functioning of the prompt management system, potentially causing users to lose access to their prompts or gain access to those belonging to others.

Reproduction

To reproduce this vulnerability, first send a GET request to retrieve a prompt's details, including its ownership information. Then, craft a PATCH request to the same prompt with a JSON payload that sets the 'author' and 'authorName' fields to arbitrary values. Because the server does not validate these fields, the request succeeds without any involvement of the front-end and updates the prompt's ownership information. After the PATCH request, attempts to modify the prompt through normal channels will fail, indicating that the prompt has been improperly altered.
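The root cause described above is a missing server-side allow-list on the PATCH body. The following is an added example, not LibreChat's own code, showing the shape of the check that defends against it: the body is validated against an explicit list of client-editable fields, ownership fields are rejected outright, and the ownership check is performed against the stored record rather than anything the client sent. The field names 'author' and 'authorName' come from the advisory; the editable field names ('name', 'category', 'oneliner'), the in-memory store and the handler signature are assumptions made for the example.

```javascript
// Added example (not LibreChat code): allow-list validation for a prompt-group PATCH body.
// 'author' and 'authorName' are the fields named in the advisory; the editable fields
// below and the in-memory store are assumptions for illustration.

const EDITABLE_FIELDS = new Set(['name', 'category', 'oneliner']);
// Server-controlled fields: never accepted from the client, regardless of value.
const PROTECTED_FIELDS = new Set(['author', 'authorName', '_id', 'createdAt', 'updatedAt']);

class ValidationError extends Error {}

// Returns a new object containing only allow-listed, type-checked fields.
// Throws ValidationError if the body is not a plain object, names a protected
// field, or names a field outside the allow-list (this also covers "__proto__",
// which JSON.parse creates as an ordinary own property).
function validatePromptGroupPatch(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new ValidationError('request body must be a JSON object');
  }
  const update = {};
  for (const key of Object.keys(body)) {
    if (PROTECTED_FIELDS.has(key)) {
      throw new ValidationError(`field "${key}" is server-controlled and cannot be set by the client`);
    }
    if (!EDITABLE_FIELDS.has(key)) {
      throw new ValidationError(`unknown field "${key}"`);
    }
    const value = body[key];
    if (typeof value !== 'string' || value.length === 0 || value.length > 256) {
      throw new ValidationError(`field "${key}" must be a non-empty string of at most 256 characters`);
    }
    update[key] = value;
  }
  return update;
}

// Authorization is decided from the stored record and the authenticated user id,
// never from anything in the request body.
function authorizePromptGroupPatch(group, requestUserId) {
  return group.author === requestUserId;
}

// Framework-free simulation of the PATCH handler over a Map used as the store.
// Returns an object with an HTTP-style status so the outcome can be checked.
function handlePatch(store, groupId, requestUserId, body) {
  const group = store.get(groupId);
  if (!group) return { status: 404 };
  if (!authorizePromptGroupPatch(group, requestUserId)) return { status: 403 };
  let update;
  try {
    update = validatePromptGroupPatch(body);
  } catch (e) {
    if (e instanceof ValidationError) return { status: 400, error: e.message };
    throw e;
  }
  // Only allow-listed keys reach the store; ownership fields are untouched.
  const updated = { ...group, ...update };
  store.set(groupId, updated);
  return { status: 200, group: updated };
}

// Constructed sample data: one prompt group owned by user "u1".
function demo() {
  const store = new Map([['g1', { _id: 'g1', name: 'Greeting', author: 'u1', authorName: 'Alice' }]]);
  // The payload pattern from the advisory: a legitimate field plus ownership fields.
  const rejected = handlePatch(store, 'g1', 'u1', { name: 'Hello', author: 'u2', authorName: 'Mallory' });
  const accepted = handlePatch(store, 'g1', 'u1', { name: 'Hello' });
  return { rejected, accepted, owner: store.get('g1').author };
}

module.exports = { validatePromptGroupPatch, authorizePromptGroupPatch, handlePatch, demo };
```

The two checks are deliberately separate: the authorization check stops a non-owner from touching the record at all, and the validation check stops the owner (or anyone) from rewriting fields the server owns. Rejecting the whole request with a 400, rather than silently dropping the protected keys, makes the attempt visible in request logs, which is the signal a detection rule for this class of mass-assignment would key on.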

Remediation

Users can update to LibreChat version 0.8.1, where this vulnerability has been fixed.

Added: Dec 11, 2025, 11:19 PM
Updated: Dec 11, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.