Dify Authorization Bypass Vulnerability in File Preview Endpoint

Vulnerability

An authorization bypass vulnerability has been identified in Dify versions through 1.14.1. It allows any authenticated user to read the first 3,000 characters of any uploaded document in any tenant or workspace, given only the file's UUID. The flaw lies in the file preview endpoint, which returns document content without verifying that the requester owns the file or belongs to the workspace it was uploaded to. Because Dify Cloud allows anyone to self-register for free, the "authenticated user" prerequisite is trivial to meet there.

Impact

Exploitation allows unauthorized reading of sensitive document content, bypassing the permission checks and workspace isolation that would otherwise apply. The result is cross-tenant and cross-workspace data exposure.

Reproduction

To reproduce, an authenticated user captures a file UUID from an ordinary file-preview link, then requests '/console/api/files/{file_id}/preview' with that UUID. The response contains the first 3,000 characters of the corresponding document, regardless of which tenant or workspace uploaded it. The accompanying Python script (not reproduced on this page) automates the file upload and preview retrieval steps.
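The access pattern above, modelled as an added example. This is not Dify's code or the accompanying script: the record layout, the principal shape, the in-memory store and the function names are assumptions chosen to show the defect (a lookup keyed on the UUID alone) next to the corresponding fix (a lookup scoped to the requester's tenant). The probe at the end does what the reproduction describes, a principal from one tenant requesting every known UUID, and reports whether any other tenant's document came back.

```python
"""Illustrative model of a file-preview endpoint with and without tenant scoping.

Added example, not Dify's code: StoredFile, Principal, FILES and the two
handler functions are assumptions made to demonstrate the pattern.
"""
from dataclasses import dataclass
from uuid import UUID, uuid4

PREVIEW_CHARS = 3000  # the advisory states previews expose the first 3,000 characters


@dataclass(frozen=True)
class StoredFile:
    id: UUID
    tenant_id: str
    text: str


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str


class NotFound(Exception):
    """Raised when no readable file exists for the requester."""


# Constructed sample data: two tenants, one document each (assumed, not real uploads).
FILES = {}
for _tenant, _body in (("tenant-a", "A" * 5000), ("tenant-b", "B" * 100)):
    _f = StoredFile(id=uuid4(), tenant_id=_tenant, text=_body)
    FILES[_f.id] = _f


def preview_vulnerable(requester: Principal, file_id: UUID) -> str:
    """Vulnerable pattern: any authenticated principal can read any file.

    Authentication is assumed to have happened before this function is called.
    The lookup is keyed on the UUID alone, so a UUID taken from another
    workspace's preview link is enough to read that file's first PREVIEW_CHARS.
    """
    stored = FILES.get(file_id)
    if stored is None:
        raise NotFound
    return stored.text[:PREVIEW_CHARS]


def preview_fixed(requester: Principal, file_id: UUID) -> str:
    """Hardened pattern: the tenant check is part of the lookup itself.

    A file outside the requester's tenant is reported exactly like a missing
    one, so the endpoint does not become an oracle for which UUIDs exist.
    """
    stored = FILES.get(file_id)
    if stored is None or stored.tenant_id != requester.tenant_id:
        raise NotFound
    return stored.text[:PREVIEW_CHARS]


def cross_tenant_read_possible(handler) -> bool:
    """Probe a handler the way the reproduction does: a principal in tenant-b
    requests every known UUID; return True if any foreign file is returned."""
    attacker = Principal(user_id="u-b", tenant_id="tenant-b")
    for fid, stored in FILES.items():
        try:
            handler(attacker, fid)
        except NotFound:
            continue
        if stored.tenant_id != attacker.tenant_id:
            return True
    return False


if __name__ == "__main__":
    print("vulnerable handler leaks across tenants:",
          cross_tenant_read_possible(preview_vulnerable))
    print("fixed handler leaks across tenants:",
          cross_tenant_read_possible(preview_fixed))
```

The point of the fix is where the check lives: putting the tenant predicate into the lookup (or into the query, in a real ORM-backed handler) means there is no separate "authorization step" that a later refactor can silently drop, and returning the same not-found result for foreign and missing UUIDs keeps the endpoint from confirming which identifiers exist.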

Remediation

Update to Dify version 1.14.2 or later, which addresses this vulnerability.

Added: May 18, 2026, 3:22 PM
Updated: May 18, 2026, 3:22 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          1.3
exploitability  4.2
remediation     0.0
relevance       8.7
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.