Significant-Gravitas AutoGPT
cpe:2.3:a:agpt:autogpt:*:*:*:*:*:*:*
- >= 0.6.36, <= 0.6.50
A vulnerability allowing authenticated session hijacking has been identified in AutoGPT versions from 0.6.36 and prior to 0.6.50. The issue is an Insecure Direct Object Reference (IDOR): the session management endpoint does not verify ownership, so an authenticated user can take over another user's session. The attacker can then access all messages in the hijacked session and, by overwriting the session's user ID, lock the original user out.
Exploitation of this vulnerability allows any authenticated user to hijack another user's chat session, gaining access to all messages and locking the original user out of their session.
To reproduce this vulnerability, an authenticated user must first obtain the session ID of another user. This can be done by creating a chat session and then using a PATCH request to the '/sessions/{session_id}/assign-user' endpoint to reassign the session to the attacker. The victim will receive a 404 error when trying to access their session, indicating that they have been locked out.
Users can update to AutoGPT version 0.6.51 or later, where this vulnerability has been patched.
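The missing ownership check can be modelled as follows. This is an added example, not AutoGPT's code or its actual patch: the in-memory store, the function names, the sample users and the assumption that an unclaimed session has `user_id` set to `None` are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

class NotFound(Exception):
    """Stands in for an HTTP 404 response."""

@dataclass
class ChatSession:
    session_id: str
    user_id: Optional[str] = None  # assumption: None means not yet claimed
    messages: list = field(default_factory=list)

SESSIONS = {}  # constructed in-memory store, keyed by session ID

def get_session(session_id, caller_id):
    s = SESSIONS.get(session_id)
    if s is None or s.user_id != caller_id:
        raise NotFound(session_id)
    return s

def assign_user_unchecked(session_id, caller_id):
    # Behaviour the advisory describes: user_id is overwritten for any caller.
    s = SESSIONS.get(session_id)
    if s is None:
        raise NotFound(session_id)
    s.user_id = caller_id
    return s

def assign_user_checked(session_id, caller_id):
    # Only an unclaimed session, or one the caller already owns, may be assigned.
    # A foreign session gets the same 404 as a missing one, so IDs cannot be probed.
    s = SESSIONS.get(session_id)
    if s is None or s.user_id not in (None, caller_id):
        raise NotFound(session_id)
    s.user_id = caller_id
    return s

def demo(assign):
    """Return (owner after a cross-user assign attempt, owner can still read)."""
    SESSIONS.clear()
    SESSIONS["s1"] = ChatSession("s1", "alice", ["hello"])  # constructed sample
    try:
        assign("s1", "mallory")
    except NotFound:
        pass
    try:
        get_session("s1", "alice")
        return SESSIONS["s1"].user_id, True
    except NotFound:
        return SESSIONS["s1"].user_id, False
```

A regression test for this class of bug should issue the assign call as a second account and assert both that it is rejected and that the original owner can still read the session.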