TypeBot Cross-Workspace Credential Theft Vulnerability via Bot-Engine Preview Endpoint

Vulnerability

A vulnerability in TypeBot, a chatbot builder tool, allows cross-workspace credential theft through the bot-engine's preview chat endpoint. It affects TypeBot versions through 3.15.2. The preview endpoint accepts a client-controlled workspaceId field in the submitted typebot object and relies on it when verifying credential ownership, so a caller can choose a value that bypasses that verification. As a result, any authenticated user can read credentials stored in any workspace, not only their own, and then use them against the external services they unlock.

Impact

Exploitation allows any authenticated user to exfiltrate credentials from any workspace, including API keys, OAuth tokens, and other secrets stored for integrations. Consequences include unauthorized access to the integrated services, financial damage from abused API keys, and a broader data breach through the accounts and connected services behind the exposed OAuth tokens.

Reproduction

To reproduce, authenticate to a TypeBot account and capture its session cookie. Send a POST request to the preview endpoint (for example with curl) whose body contains a crafted typebot object with an empty workspaceId. If the bypass succeeds, the response contains the exfiltrated credentials embedded in a client-side script. Use an account that is not a member of the workspace owning the targeted credentials: a secret returned to such an account confirms that the ownership check is not enforced.

Remediation

Upgrade to TypeBot version 3.16.0 or later, where this vulnerability is patched. The fix corrects the authorization bypass in the preview chat endpoint so that the caller's membership in the credential's workspace is enforced regardless of the workspaceId supplied by the client.
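As an added illustration (not TypeBot's own code), the following TypeScript models the flaw described under Vulnerability and the corrected check described under Remediation: a preview handler that decides credential access from the client-supplied workspaceId, beside one that takes the owning workspace from the stored credential record and checks the caller's membership in it. The type names, the in-memory data, and the exact form of the vulnerable comparison are assumptions made for the example.

```typescript
// Added example, not TypeBot's code. Models the authorization bug described in the
// advisory: a preview handler that trusts the client's workspaceId when deciding
// whether stored credentials may be used. All names and data are constructed.

type UserId = string;
type WorkspaceId = string;

interface Workspace {
  id: WorkspaceId;
  members: UserId[];
}

interface Credential {
  id: string;
  workspaceId: WorkspaceId; // authoritative owner, set when the credential was created
  secret: string;
}

// Shape of the client-supplied typebot object, reduced to the two fields that matter.
interface PreviewRequest {
  typebot: {
    workspaceId?: WorkspaceId; // client-controlled; an attacker can send "" or any value
    credentialsId: string;
  };
}

// Constructed in-memory data standing in for the database.
const workspaces: Workspace[] = [
  { id: "ws-alice", members: ["alice"] },
  { id: "ws-bob", members: ["bob"] },
];

const credentials: Credential[] = [
  { id: "cred-1", workspaceId: "ws-bob", secret: "sk-bob-openai-key" },
];

function isMember(userId: UserId, workspaceId: WorkspaceId): boolean {
  const ws = workspaces.find((w) => w.id === workspaceId);
  return ws !== undefined && ws.members.includes(userId);
}

// Vulnerable handler (assumed form): the ownership check is keyed on the workspaceId
// the client sent, not on the workspace that owns the credential. An empty value skips
// the check, and the attacker's own workspace id passes it, so both leak the secret.
function previewChatVulnerable(userId: UserId, req: PreviewRequest): string | null {
  const cred = credentials.find((c) => c.id === req.typebot.credentialsId);
  if (!cred) return null;
  const claimed = req.typebot.workspaceId;
  if (claimed && !isMember(userId, claimed)) return null;
  return cred.secret; // would end up embedded in the preview response
}

// Hardened handler: ignore whatever workspaceId the client sent and require the caller
// to be a member of the workspace recorded on the credential itself.
function previewChatFixed(userId: UserId, req: PreviewRequest): string | null {
  const cred = credentials.find((c) => c.id === req.typebot.credentialsId);
  if (!cred) return null;
  if (!isMember(userId, cred.workspaceId)) return null;
  return cred.secret;
}

// Attacker "alice" is authenticated but has no access to ws-bob.
const stolen = previewChatVulnerable("alice", {
  typebot: { workspaceId: "", credentialsId: "cred-1" },
});
const denied = previewChatFixed("alice", {
  typebot: { workspaceId: "", credentialsId: "cred-1" },
});
console.log("vulnerable handler returned:", stolen, "| fixed handler returned:", denied);
```

The design point is that the request is never an authority on ownership: the server already knows which workspace a credential belongs to, so the only check that matters is whether the authenticated caller is a member of that workspace. Any comparison that starts from a value the client chose can be satisfied by the client.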

Added: May 26, 2026, 3:08 PM
Updated: May 26, 2026, 3:08 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 9.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.