Dify Path Traversal Vulnerability in Plugin Daemon Internal API

Vulnerability

A path traversal vulnerability has been identified in Dify versions through 1.14.1. This vulnerability allows authenticated users to manipulate requests sent to the Plugin Daemon's internal REST API by taking advantage of inadequate URL path sanitization. Attackers can escape their authorized tenant path using unencoded dot sequences in task identifiers or altered filename parameters, accessing internal endpoints such as debug interfaces. Exploitation requires only knowledge of the victim tenant's UUID. Notably, Dify Cloud permits unauthenticated self-registration, making it easy for attackers to create accounts.

Impact

Exploitation of this vulnerability could lead to unauthorized access to another tenant's environment, allowing deletion of installation tasks, retrieval of task information, access to tenant assets, and exploitation of internal debug endpoints to obtain sensitive server performance data. Furthermore, the vulnerability could be leveraged to access any new or modified endpoints in the future.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the '/workspaces/current/plugin/icon' endpoint with a manipulated filename parameter that includes path traversal sequences. Alternatively, the '/workspaces/current/plugin/tasks/<task_id>/delete/path:identifier' endpoint can be used to achieve similar path traversal by controlling the task ID and identifier parameters. The dot sequences must be urlencoded to traverse out of the authorized tenant path.

Remediation

Users can update to Dify version 1.14.2 or later, where this vulnerability has been addressed.
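The root cause described above is a caller-controlled value (a task identifier or a filename) being placed into the path of a request to an internal service without being checked as a single path segment. The following is an added defensive illustration, not Dify's own code or its fix: a small gateway-side builder that validates tenant and task identifiers as UUIDs, rejects any segment containing separators or dot-only names even after repeated percent-decoding, and confirms that the normalised path still sits under the tenant prefix. The internal hostname and the /plugin/<tenant>/... layout are assumptions made for this example.

```python
import posixpath
import re
import uuid
from urllib.parse import quote, unquote

# Assumed for this illustration only; not Dify's real internal host or route layout.
INTERNAL_BASE = "http://plugin-daemon.internal"

# One path segment: must start with a letter or digit, so "." and ".." can never match.
SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


class UnsafePathError(ValueError):
    """Raised when a caller-supplied value cannot be placed safely in an internal URL."""


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so %2e, %252e and similar cannot hide a dot segment."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise UnsafePathError("value is percent-encoded too many times")


def validate_uuid(value: str) -> str:
    """Accept only a well-formed UUID and return its canonical lowercase hyphenated form."""
    try:
        return str(uuid.UUID(fully_decode(value)))
    except ValueError as exc:
        raise UnsafePathError(f"not a UUID: {value!r}") from exc


def validate_segment(value: str) -> str:
    """Accept a single safe path segment: no separators, no NUL, no dot-only names."""
    decoded = fully_decode(value)
    if any(ch in decoded for ch in "/\\\0") or not SAFE_SEGMENT.match(decoded):
        raise UnsafePathError(f"unsafe path segment: {value!r}")
    return decoded


def build_internal_url(tenant_id: str, *segments: str) -> str:
    """Build a tenant-scoped internal URL; every segment is validated and re-encoded."""
    if not segments:
        raise UnsafePathError("at least one path segment is required")
    tenant_prefix = f"/plugin/{validate_uuid(tenant_id)}/"
    clean = [validate_segment(s) for s in segments]
    path = tenant_prefix + "/".join(clean)
    # Defence in depth: normalisation must not change the path (no collapsed segments)
    # and the result must still start with the caller's own tenant prefix.
    if posixpath.normpath(path) != path or not path.startswith(tenant_prefix):
        raise UnsafePathError("path escaped the tenant prefix")
    return INTERNAL_BASE + tenant_prefix + "/".join(quote(s, safe="") for s in clean)


def task_delete_url(tenant_id: str, task_id: str, identifier: str) -> str:
    """Task IDs are UUIDs, so they are validated as such rather than as free-form segments."""
    return build_internal_url(tenant_id, "tasks", validate_uuid(task_id), "delete", identifier)


def is_safe_request(tenant_id: str, *segments: str) -> bool:
    """Boolean form of build_internal_url, usable for rejecting or alerting at the gateway."""
    try:
        build_internal_url(tenant_id, *segments)
        return True
    except UnsafePathError:
        return False
```

The same validator can be run over proxy or access logs as a detection rule: any request whose tenant-scoped path fails is_safe_request is either malformed or an attempt to leave the tenant prefix, and is worth alerting on regardless of whether the backend would have honoured it.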

Added: May 18, 2026, 3:21 PM
Updated: May 18, 2026, 3:21 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          0.6
exploitability  4.2
remediation     0.0
relevance       8.7
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.