Dify Plaintext API Key Exposure Vulnerability

A vulnerability in Dify, an open-source LLM application development platform, prior to version 1.11.0, allows non-administrator users to access the API key in plaintext through the frontend. This exposure can lead to unauthorized access to third-party services, potentially misusing limited quotas. The issue arises from the '/console/api/workspaces/current/model-providers' endpoint, which reveals custom model configurations including sensitive credentials. The vulnerability can be reproduced by installing the OpenAI-API-Compatible plugin, adding a model with an API key, and then inspecting the network response for the exposed key.

Impact

The vulnerability allows unauthorized users to view and reuse API keys, typically managed by administrators. This could lead to unauthorized access to third-party services, consumption of the administrator's service quota, and potential incurring of additional costs or service disruptions.

Reproduction

To reproduce this vulnerability, install Dify version 1.10.1-fix.1 and the OpenAI-API-Compatible plugin version 0.0.25. After configuring the plugin and adding a language model with an API key, open the Plugins page and inspect the network requests using Developer Tools. Locate the request to '/console/api/workspaces/current/model-providers' and find the entry for the OpenAI API Compatible provider. The response will include the plaintext API key in the 'custom_configuration.custom_models[0].credentials.api_key' field.

Remediation

Users can update to Dify version 1.11.0 or later, where this vulnerability has been fixed.