labring FastGPT
- <= 4.15.0-beta1
A Server-Side Request Forgery (SSRF) vulnerability has been identified in FastGPT versions prior to 4.15.0-beta1. This vulnerability allows authenticated attackers to bypass internal network protections and make arbitrary HTTP GET requests to internal services. The issue arises from an incomplete fix in the dataset preview endpoint when the externalFile data import type is used. Exploitation of this vulnerability can lead to unauthorized access to sensitive internal data or services.
Exploitation of this vulnerability allows authenticated users to bypass internal network protections and make unauthorized HTTP GET requests to internal services. This could be used to access sensitive data or services that are not exposed to the public internet.
To reproduce this vulnerability, log into FastGPT and obtain a valid API token. Create or identify a valid dataset ID. Then, send a POST request to the dataset preview endpoint '/api/core/dataset/file/getPreviewChunks' with the 'type' set to 'externalFile' and the 'sourceId' pointing to a target internal URL that ends with a valid text file extension. The request will bypass internal routing checks, fetch the specified internal asset, and return its content in the response.
Users should update FastGPT to version 4.15.0-beta1 or later, where this vulnerability has been patched.
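An added, illustrative defender-side check, not FastGPT's own code or its actual patch: it shows why a filter keyed on the path's file extension does not stop this class of SSRF, because the decision has to be made on where the request actually goes. The `Resolver` type, the blocked ranges and the constructed test addresses are assumptions so the example runs offline.

```typescript
// Added example, not FastGPT's code: an SSRF guard that decides on the
// destination of the request, never on the file extension of the path.
// The resolver is injected so the check runs offline; in production it
// would wrap dns.lookup with { all: true } so every A/AAAA record is checked.
type Resolver = (hostname: string) => string[];

function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Address ranges a server-side fetcher must never contact on a user's behalf.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function isBlockedIp(ip: string): boolean {
  const a = ip.toLowerCase();
  // IPv6 loopback/unspecified, link-local fe80::/10 and ULA fc00::/7.
  if (a === "::1" || a === "::" || /^fe[89ab]/.test(a) || /^f[cd]/.test(a)) return true;
  const n = ipv4ToInt(a.startsWith("::ffff:") ? a.slice(7) : a); // IPv4-mapped IPv6
  if (n === null) return !a.includes(":"); // other IPv6 passes; unparseable fails closed
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base)! & mask) >>> 0);
  });
}

function isSafeDestination(raw: string, resolve: Resolver): { ok: boolean; reason: string } {
  let url: URL;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  // WHATWG parsing already canonicalises forms such as http://2130706433/ to 127.0.0.1.
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "loopback name" };
  const isLiteral = host.includes(":") || ipv4ToInt(host) !== null;
  const addrs = isLiteral ? [host] : resolve(host);
  if (addrs.length === 0) return { ok: false, reason: "name does not resolve" };
  const bad = addrs.find(isBlockedIp);
  // The caller must then connect to the vetted address (not re-resolve) and
  // re-run this check on every redirect, or the decision can be invalidated later.
  return bad ? { ok: false, reason: `resolves to blocked address ${bad}` } : { ok: true, reason: "ok" };
}
```

Note that a `.txt` or `.md` suffix changes nothing in the outcome: the same private-range address is rejected whatever the path looks like, and a public name that resolves to even one internal record is rejected too.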