Dify Authorization Bypass Vulnerability in Trace Configuration Endpoints

Vulnerability

An authorization bypass vulnerability has been identified in Dify versions through 1.14.1. This vulnerability allows authenticated editor users to manipulate trace configurations for any application, irrespective of tenant ownership. The issue arises from the absence of necessary tenant ownership checks in the trace configuration endpoints, enabling redirection of all messages and responses from affected applications to LLM trace providers controlled by the attacker. Notably, Dify Cloud permits unauthenticated self-registration, making it easy for attackers to create accounts.
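The missing check described above, as an added illustration that is not Dify's code: a trace-configuration handler that resolves the app by its ID alone, beside one that scopes the lookup to the caller's tenant. The data model, the Forbidden error and the sample tenants and apps are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional


class Forbidden(Exception):
    """Raised when the caller may not modify the requested app."""


@dataclass
class App:
    app_id: str
    tenant_id: str
    trace_provider: Optional[str] = None


@dataclass
class User:
    user_id: str
    tenant_id: str
    role: str  # "editor" or "viewer" (hypothetical role names)


def sample_apps() -> Dict[str, App]:
    """Constructed sample data: two tenants, one app each."""
    return {
        "app-a": App("app-a", "tenant-a"),
        "app-b": App("app-b", "tenant-b"),
    }


def set_trace_provider_vulnerable(apps: Dict[str, App], user: User,
                                  app_id: str, provider: str) -> App:
    """Flawed pattern: the role is checked, but the app is fetched by ID
    only, so an editor from any tenant can reconfigure any app."""
    if user.role != "editor":
        raise Forbidden("editor role required")
    app = apps[app_id]  # no tenant scoping on the lookup
    app.trace_provider = provider
    return app


def set_trace_provider_fixed(apps: Dict[str, App], user: User,
                             app_id: str, provider: str) -> App:
    """Hardened pattern: resolve the app inside the caller's tenant, so a
    foreign app ID is rejected exactly like an unknown one."""
    if user.role != "editor":
        raise Forbidden("editor role required")
    app = apps.get(app_id)
    if app is None or app.tenant_id != user.tenant_id:
        # Same error for missing and foreign apps: no cross-tenant oracle.
        raise Forbidden("app not found in this tenant")
    app.trace_provider = provider
    return app
```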

Impact

Exploitation of this vulnerability allows unauthorized users to establish a persistent channel for exfiltrating all messages and responses from the affected application, redirecting them to an attacker-controlled LLM trace provider.

Reproduction

To reproduce this vulnerability, an authenticated editor user can access a public application URL to retrieve the X-App-Passport header, which contains the internal app ID. After obtaining the app ID, the user can use the Dify console to configure and enable a trace provider for the application, without any tenant restrictions. Once the trace provider is set up, all messages sent through the application will be visible on the attacker's tracing provider dashboard.

Remediation

Users are advised to update to Dify version 1.14.2 or later, where this vulnerability has been addressed.

Added: May 18, 2026, 3:21 PM
Updated: May 18, 2026, 3:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 4.6
remediation: 0.0
relevance: 8.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.