Assafelovic GPT Researcher Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Assafelovic GPT Researcher versions through 3.4.3. The issue resides in the WebSocket '/ws' endpoint, where the 'source_urls' parameter is accepted without any validation. This allows attackers to send arbitrary URLs that the server will request, potentially accessing internal services or metadata endpoints. The vulnerability is unauthenticated and the scraped content is returned to the attacker via the research report output, constituting a full-read SSRF.
Impact
Exploitation of this vulnerability allows for unauthorized HTTP requests to be made from the server, with the potential to access internal services, cloud metadata, and application data, all of which can be exfiltrated back to the attacker.
Reproduction
To reproduce this vulnerability, connect to the WebSocket '/ws' endpoint and send a 'start' command with a payload that includes malicious URLs in the 'source_urls' parameter. The server will scrape the content from these URLs and return it in the research report output.
Remediation
It is recommended to implement URL validation both at the entry point and at scraper initialization to block unauthorized schemes and private IP addresses. This can be done by checking the URL scheme and hostname, and by resolving the hostname to ensure that none of the addresses it maps to point to a private or internal IP.
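The following is an added example of the kind of validator the remediation describes; it is not code from the GPT Researcher project. It rejects any scheme other than http/https, requires a hostname, resolves that hostname (or parses it as an IP literal) and refuses the URL if any resulting address is private, loopback, link-local, multicast, reserved or otherwise non-global, including IPv4-mapped IPv6 forms. The `fake_resolve` table at the bottom is constructed test data so the example runs offline; the `system_resolver` default uses real DNS.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[str]]

# Only web schemes are acceptable for a research scraper (assumption: the
# scraper has no legitimate need for file://, gopher://, ftp:// etc.).
ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname to every A/AAAA address it maps to, deduplicated."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_ip(ip: IPAddress) -> bool:
    """True only for globally routable unicast addresses."""
    # ::ffff:a.b.c.d hides an IPv4 address inside IPv6; judge the IPv4 part.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global excludes private, loopback, link-local (169.254/16, which
    # covers cloud metadata), reserved, documentation and unspecified ranges;
    # multicast is excluded explicitly because older Pythons treat it as global.
    return ip.is_global and not ip.is_multicast


def validate_source_url(url: str, resolve: Resolver = system_resolver) -> Tuple[bool, str]:
    """Return (accepted, reason). Reject on any defect rather than trying to fix the URL."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. malformed bracketed IPv6 host
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing hostname"
    # IP literals (including bracketed IPv6) are checked directly, no DNS.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = list(resolve(host))
        except (socket.gaierror, OSError) as exc:
            return False, f"could not resolve {host!r}: {exc}"
    if not addrs:
        return False, f"no addresses for {host!r}"
    # Every address must be public: a name that resolves to one public and one
    # internal address is still rejected, since the client may pick either.
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not is_public_ip(ip):
            return False, f"{host!r} resolves to non-public address {ip}"
    return True, "ok"


def filter_source_urls(urls: Iterable[str], resolve: Resolver = system_resolver) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a submitted source_urls list into accepted URLs and (url, reason) rejects."""
    accepted: List[str] = []
    rejected: List[Tuple[str, str]] = []
    for url in urls:
        ok, reason = validate_source_url(url, resolve)
        if ok:
            accepted.append(url)
        else:
            rejected.append((url, reason))
    return accepted, rejected


# Constructed DNS table so the example runs offline (not real records).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "split.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolve(host: str) -> List[str]:
    """Stand-in for system_resolver backed by FAKE_DNS."""
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise socket.gaierror(-2, "Name or service not known")


if __name__ == "__main__":
    submitted = [
        "https://example.com/report",
        "http://169.254.169.254/latest/meta-data/",
        "file:///etc/passwd",
        "http://[::ffff:169.254.169.254]/",
        "http://split.test/",
    ]
    ok, bad = filter_source_urls(submitted, fake_resolve)
    print("accepted:", ok)
    for url, why in bad:
        print("rejected:", url, "->", why)
```

Run the same check again where the scraper actually opens the connection, as the remediation advises: a name validated at the WebSocket handler can be re-resolved to a different address moments later (DNS rebinding), so the check at scraper initialization should ideally also pin the connection to the address it just validated rather than letting the HTTP client resolve the name a third time.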
