Vexa Transcription-Collector Unauthenticated Data Access Vulnerability

Vulnerability

A vulnerability in the Vexa transcription-collector service allows unauthenticated access to meeting transcripts. The internal endpoint `GET /internal/transcripts/{meeting_id}` is exposed without any authentication or authorization checks, enabling attackers to access confidential data from any user's meetings. This issue affects Vexa versions prior to 0.10.0-260419-1910.

Impact

Exploitation of this vulnerability leads to unauthorized access to all users' meeting transcripts, causing a multi-tenant data breach by exposing confidential information such as business conversations, passwords, and personally identifiable information.

Reproduction

To reproduce this vulnerability, clone the Vexa repository and start the application using Docker. After initializing the database, create two users: one victim (Alice) and one attacker (Eve). Then, create a confidential meeting for Alice, including sensitive transcript data. Finally, the attacker can access Alice's transcripts through the unprotected internal endpoint, without any authentication.

Remediation

Users can update to Vexa version 0.10.0-260419-1910 or later, where this vulnerability has been patched.
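The following is an added illustration, not Vexa's own code, of the access-control pattern the fix implies: a service-to-service endpoint under `/internal/` that is reachable by anyone (the pre-0.10.0-260419-1910 behaviour described above) beside the same endpoint gated by a shared internal key compared in constant time. The route shape, the `X-Internal-Key` header name, the `Request`/`Response` types and the transcript data are all constructed assumptions for the example.

```python
import hmac
import os
from dataclasses import dataclass, field

# Constructed stand-in for the service-to-service secret. A real deployment
# would load this from the environment or a secrets manager, never hard-code it.
INTERNAL_API_KEY = os.environ.get("INTERNAL_API_KEY", "constructed-example-key")


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: object = None


# Constructed sample data standing in for a transcript store.
TRANSCRIPTS = {
    "meeting-1": {"owner": "alice", "segments": ["confidential discussion"]},
}


def get_transcript_unprotected(req: Request) -> Response:
    """Before: any caller that can reach the path receives the transcript."""
    meeting_id = req.path.rsplit("/", 1)[-1]
    transcript = TRANSCRIPTS.get(meeting_id)
    if transcript is None:
        return Response(404)
    return Response(200, transcript["segments"])


def require_internal_key(req: Request):
    """Hardened gate: reject any /internal/ request without a valid key.

    hmac.compare_digest avoids leaking key length/prefix via timing.
    Returns a Response on denial, or None when the caller is allowed through.
    """
    presented = req.headers.get("X-Internal-Key", "")
    if not hmac.compare_digest(presented.encode(), INTERNAL_API_KEY.encode()):
        return Response(401)
    return None


def get_transcript_protected(req: Request) -> Response:
    """After: the same handler, reachable only with the internal service key."""
    denied = require_internal_key(req)
    if denied is not None:
        return denied
    return get_transcript_unprotected(req)


def dispatch(req: Request, protected: bool = True) -> Response:
    """Minimal router so both variants can be exercised side by side."""
    if req.path.startswith("/internal/transcripts/"):
        handler = get_transcript_protected if protected else get_transcript_unprotected
        return handler(req)
    return Response(404)


if __name__ == "__main__":
    anonymous = Request("GET", "/internal/transcripts/meeting-1")
    print("unprotected:", dispatch(anonymous, protected=False).status)  # 200
    print("protected, no key:", dispatch(anonymous).status)            # 401
```

A shared key is the minimum; the gate should run before any handler on the `/internal/` prefix so a new route cannot be added without it, and the internal listener itself should not be reachable from the same network as the public API. Verifying the upgrade is a matter of confirming that an unauthenticated request to the internal transcript path no longer returns 200.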

Added: Apr 20, 2026, 4:44 PM
Updated: Apr 20, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.0
remediation     0.0
relevance       6.3
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.