LobeHub File Upload Quota Bypass Vulnerability

Vulnerability

A vulnerability in LobeHub's file upload feature, prior to version 1.143.3, allows users to intercept and modify upload requests. Because the server does not validate the modified request, arbitrary files can be created in unintended locations. Additionally, the application uses the client-supplied size parameter to calculate file usage, so attackers can misreport file sizes. This can bypass upload quotas and cause discrepancies in resource consumption and billing, with potential financial impact on service operators. It could also degrade service availability and indirectly affect other users on the same subscription plan.

Impact

Exploiting this vulnerability can bypass upload quotas, leading to excessive file uploads that are not accounted for. This can cause storage exhaustion, degrade service availability by disrupting normal upload processes, and negatively impact other users or projects sharing the same subscription plan. Furthermore, the unmonitored uploads can overload downstream systems, such as backup processes and media processing pipelines, disrupting overall service reliability.

Reproduction

To reproduce this vulnerability, upload a file through the 'Knowledge Base > File Upload' feature. Intercept the upload request using a tool like Burp Suite. Modify the request parameters, specifically the name and size fields, before sending the request. This manipulation can bypass the maximum upload size limit imposed by LobeHub's subscription plans and upload files beyond the allowed storage limits.

Remediation

Users should update to LobeHub version 1.143.3 or later, where this vulnerability has been patched.
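The two trust mistakes described above (the client-supplied size used for quota accounting, and the client-supplied name used for file placement) beside a hardened handler, as an added TypeScript example; this is not LobeHub's code or its 1.143.3 fix, and the quota, storage root, and request shape are assumptions made for the example.

```typescript
import * as path from "node:path";

// Hypothetical values for the example; LobeHub's real quota and storage root are not on the page.
export const PLAN_QUOTA_BYTES = 10 * 1024 * 1024;
export const UPLOAD_ROOT = "/srv/uploads";

export interface UploadRequest {
  name: string;      // client-supplied, untrusted
  size: number;      // client-supplied, untrusted
  body: Uint8Array;  // bytes the server actually received
}

export interface UploadResult {
  ok: boolean;
  reason?: string;
  storedPath?: string;
  usedBytes: number; // storage accounted to the user after this request
}

// Vulnerable pattern: the quota check and the accounting both use the client's
// `size`, and `name` is joined onto the storage root without validation.
export function handleUploadVulnerable(req: UploadRequest, usedBytes: number): UploadResult {
  if (usedBytes + req.size > PLAN_QUOTA_BYTES) return { ok: false, reason: "quota exceeded", usedBytes };
  return { ok: true, storedPath: path.posix.join(UPLOAD_ROOT, req.name), usedBytes: usedBytes + req.size };
}

// Hardened pattern: size comes from the received bytes, the declared size must
// agree with it, the name must be a plain file name, and the final path must
// stay inside the storage root.
export function handleUploadHardened(req: UploadRequest, usedBytes: number): UploadResult {
  const actualSize = req.body.byteLength;
  if (req.size !== actualSize) return { ok: false, reason: "declared size does not match body", usedBytes };
  if (usedBytes + actualSize > PLAN_QUOTA_BYTES) return { ok: false, reason: "quota exceeded", usedBytes };

  const name = req.name;
  if (name === "" || name === "." || name === ".." || /[\\/\0]/.test(name) || path.posix.basename(name) !== name) {
    return { ok: false, reason: "invalid file name", usedBytes };
  }
  const storedPath = path.posix.resolve(UPLOAD_ROOT, name);
  if (!storedPath.startsWith(UPLOAD_ROOT + "/")) return { ok: false, reason: "path escapes storage root", usedBytes };

  return { ok: true, storedPath, usedBytes: usedBytes + actualSize };
}
```

Accounting from `body.byteLength` rather than the declared `size` is what closes the quota bypass; the name check closes the placement issue independently of the size check.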

Added: Jan 30, 2026, 8:20 PM
Updated: Jan 30, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.1
exploitability: 4.6
remediation: 7.7
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.