Assafelovic GPT-Researcher Missing Authentication Vulnerability in HTTP REST API Endpoint

A vulnerability exists in Assafelovic GPT-Researcher versions through 3.4.3, where all HTTP REST API endpoints and the WebSocket interface are exposed without any authentication or authorization. This flaw allows any unauthenticated user to access critical functions such as file uploads and deletions, research task generation, report access, and chat interactions. The vulnerability arises because the FastAPI application does not implement authentication middleware or authorization checks, leaving 14 endpoints accessible to any network user.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads and deletions, access to all research reports, consumption of API credits through unlimited research task generation, and manipulation of server-side configuration via the WebSocket interface.

Reproduction

The vulnerability can be reproduced by sending requests to the exposed API endpoints without any authentication. This can be done using tools like curl or Postman. For example, uploading a file can be done by sending a POST request to the '/upload/' endpoint with the file included in the request. Similarly, files can be deleted by sending a DELETE request to the '/files/{filename}' endpoint. Research tasks can be generated by posting to the '/report/' endpoint, and all reports can be accessed through the '/api/reports' endpoint or by downloading them from the '/outputs/' mount.

Remediation

Users are advised to implement API key authentication middleware on all sensitive routes, require valid tokens for WebSocket connections, and add rate limiting to research task requests. Additionally, the application should be configured to bind only to localhost by default, remove the static '/outputs/' mount, and include a security warning in the README about the lack of built-in authentication.