New API Large Language Model Gateway Insecure Direct Object Reference Vulnerability

Vulnerability

An insecure direct object reference (IDOR) vulnerability has been identified in New API, a large language model gateway and AI asset management system, prior to version 0.11.4-alpha.2. The vulnerability exists in the video proxy endpoint `GET /v1/videos/:task_id/content`, where authenticated users can access video content belonging to other users. The endpoint lacks an authorization check: it looks the task up by `task_id` alone and never verifies that the task belongs to the requesting user. Additionally, because the endpoint proxies the request upstream, the server authenticates with the upstream AI provider using credentials from a task that the requesting user does not own.

Impact

Exploitation of this vulnerability allows authenticated users to access and download video content belonging to other users, bypassing tenant isolation for media assets. It also causes the server to fetch video content from upstream providers for tasks that the user does not own, which may involve sensitive data such as the private keys used for Gemini tasks.

Reproduction

To reproduce this vulnerability, an authenticated user must send a request to the video proxy endpoint `GET /v1/videos/:task_id/content` using a `task_id` that belongs to another user. The request must include an authorization token for the authenticated user. The server will respond with the requested video content, demonstrating the unauthorized access.

Remediation

Users should update to New API version 0.11.4-alpha.2 or later, which includes a patch for this vulnerability. The patch modifies the video proxy endpoint to check task ownership by querying with both `user_id` and `task_id`, so that users can only access their own video content.
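The following Go example, added here and not taken from New API's code base, contrasts the two lookups behind this advisory: a handler for `GET /v1/videos/:task_id/content` wired to a `task_id`-only lookup, and the same handler wired to a lookup keyed on both `user_id` and `task_id`. The task store, the `X-User-ID` header and all function names are constructed for the example.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// Constructed store mapping task_id to owning user_id; not New API's schema.
var taskOwner = map[string]int{"task-a": 1, "task-b": 2}
// canReadUnscoped is the vulnerable lookup: keyed on task_id alone, so the
// caller's identity is never consulted.
func canReadUnscoped(_ int, taskID string) bool {
	_, ok := taskOwner[taskID]
	return ok
}
// canReadOwned is the patched lookup: keyed on user_id and task_id together,
// so another user's task is indistinguishable from a nonexistent one.
func canReadOwned(userID int, taskID string) bool {
	owner, ok := taskOwner[taskID]
	return ok && owner == userID
}
// videoContentHandler serves GET /v1/videos/:task_id/content with the given
// lookup. The caller's identity is read from the constructed X-User-ID header,
// assumed to be set by an auth middleware after validating the bearer token.
func videoContentHandler(canRead func(int, string) bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		userID, err := strconv.Atoi(r.Header.Get("X-User-ID"))
		if err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		taskID := strings.TrimSuffix(strings.TrimPrefix(r.URL.Path, "/v1/videos/"), "/content")
		if !canRead(userID, taskID) {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		w.Write([]byte("video bytes for " + taskID)) // stands in for the upstream fetch
	}
}
// fetchStatus requests taskID as userID and returns the HTTP status code.
func fetchStatus(h http.Handler, userID int, taskID string) int {
	req := httptest.NewRequest(http.MethodGet, "/v1/videos/"+taskID+"/content", nil)
	req.Header.Set("X-User-ID", strconv.Itoa(userID))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
```

Returning 404 rather than 403 for a foreign task keeps the patched endpoint from confirming that a guessed `task_id` exists.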

Added: Mar 23, 2026, 8:27 PM
Updated: Mar 23, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.