LibreChat Mass Assignment Vulnerability Allowing Unauthorized Field Manipulation

Vulnerability

A mass assignment vulnerability exists in LibreChat, affecting all versions. The application automatically binds user-provided data to internal object properties and database fields without filtering, which allows attackers to manipulate sensitive fields. As a result, any extra fields in the request body are included in 'agentData' and passed to the database layer, allowing any field in the schema to be overwritten, such as 'author', 'access_level', 'isCollaborative', and 'projectIds'. Additionally, 'Object.prototype' can be polluted because 'Object.assign' is used together with spread operators on the unfiltered body.

Impact

Exploitation of this vulnerability allows for unauthorized modification of agent data, including fields not exposed by the application, such as 'author' and 'isCollaborative'. The 'Object.prototype' can also be polluted, potentially leading to further exploitation.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/api/agents' endpoint with a payload that includes additional fields not intended to be modified, such as 'authorName', 'author', 'isCollaborative', and others. The response will include all the provided parameters, demonstrating that the mass assignment has occurred. This can be automated with a script or tool that sends HTTP requests, such as Burp Suite or Postman.
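The following is an added example, not LibreChat's own code, that contrasts the pattern the advisory describes (the request body copied wholesale into 'agentData' with Object.assign/spread) with an allowlist that copies only client-writable fields and sets server-controlled fields last. The allowlist contents, the default values, the user id and the request body are constructed assumptions; only the field names 'author', 'isCollaborative' and 'projectIds' come from the advisory.

```javascript
// Added example (not LibreChat's code): mass assignment vs. an allowlist.
// CLIENT_WRITABLE_FIELDS and the defaults below are assumptions for illustration.

// Fields a client may set when creating an agent (assumed allowlist).
const CLIENT_WRITABLE_FIELDS = new Set(['name', 'description', 'instructions', 'model', 'provider']);

// Vulnerable shape: Object.assign copies every own key of the body onto the
// result, so client-supplied 'author', 'isCollaborative' and 'projectIds'
// overwrite the server-chosen values. A body key named "__proto__" is applied
// with [[Set]], which swaps the result object's prototype.
function buildAgentDataVulnerable(body, requestingUserId) {
  return Object.assign({ author: requestingUserId, isCollaborative: false }, body);
}

// Hardened shape: copy only allowlisted own keys, then set server-controlled
// fields last so nothing in the body can override them. Rejected keys are
// returned so the caller can log them; unexpected keys on this endpoint are a
// useful detection signal.
function buildAgentDataSafe(body, requestingUserId) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('request body must be a JSON object');
  }
  const accepted = {};
  const rejectedFields = [];
  for (const key of Object.keys(body)) {
    if (CLIENT_WRITABLE_FIELDS.has(key)) {
      accepted[key] = body[key];
    } else {
      rejectedFields.push(key);
    }
  }
  // Spread uses CreateDataProperty, so these become plain own properties.
  const agentData = { ...accepted, author: requestingUserId, isCollaborative: false };
  return { agentData, rejectedFields };
}

// Constructed request body modelled on the advisory: a legitimate 'name' plus
// fields the client must never control. JSON.parse keeps "__proto__" as an
// own key, which is how such a key reaches the server in practice.
const CONSTRUCTED_BODY = JSON.parse(
  '{"name":"helper","author":"someone-else","isCollaborative":true,' +
  '"projectIds":["proj-1"],"__proto__":{"polluted":true}}'
);

// Runs both builders on the constructed body for the same (assumed) user.
function demo() {
  const user = 'user-123';
  const vulnerable = buildAgentDataVulnerable(CONSTRUCTED_BODY, user);
  const { agentData, rejectedFields } = buildAgentDataSafe(CONSTRUCTED_BODY, user);
  return { vulnerable, agentData, rejectedFields };
}

const result = demo();
console.log('vulnerable:', JSON.stringify(result.vulnerable));
console.log('safe:', JSON.stringify(result.agentData));
console.log('rejected fields (log these):', result.rejectedFields.join(', '));
```

The allowlist is the fix that matters: a denylist of known-sensitive names misses the next field added to the schema, while an allowlist fails closed. Logging the rejected keys on write endpoints gives incident responders a direct record of attempts to set fields a client should never send.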

Remediation

Users are advised to update to LibreChat version 0.7.9 or later, where this vulnerability has been fixed.

Added: Sep 29, 2025, 5:17 PM
Updated: Sep 29, 2025, 7:52 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 5.0
exploitability: 9.1
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.