LibreChat Improper Access Control Vulnerability in File Uploads to Agent Context

A vulnerability exists in LibreChat version 0.8.1-rc2, where the application fails to enforce proper access controls for file uploads to an agent's file context and file search. This allows an authenticated attacker with knowledge of the agent ID to upload files that can alter the behavior of the agent, even without permission for that agent. The issue is rooted in inadequate permission checks for file uploads, particularly in the 'agents' endpoint. The vulnerability has been addressed in version 0.8.2-rc2.

Impact

Exploitation of this vulnerability allows for unauthorized modification of an agent's behavior by uploading files to its context or search, potentially leading to misuse of the agent's functions or instructions.

Reproduction

The vulnerability can be reproduced by uploading a file to the file context or file search of an agent, using an account that does not have the necessary permissions for that agent. This can be done by sending a POST request to the '/api/files' endpoint with the agent ID and the file details, including the file name and content. The upload will be accepted, and the file will appear in the agent's context or search, depending on where it was uploaded.

Remediation

Users are advised to update to LibreChat version 0.8.2-rc2 or later. The application should also implement proper permission checks for file uploads to agent contexts, ensuring that only authorized users can upload files to agents they have permission for.