bigsk1 openai-realtime-ui Server-Side Request Forgery Vulnerability in API Proxy Endpoint

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in bigsk1 openai-realtime-ui, in the API proxy endpoint implemented in server.js, in versions prior to commit 188ccde27fdf3d8fab8da81f3893468f53b2797c. The /api/proxy endpoint reads a URL from a client-supplied query parameter and passes it straight to fetch without validating it against an allowlist of permitted hosts or schemes. Because the request is issued by the server, a remote attacker can use the endpoint to reach any destination the server can reach: internal services that are not exposed to the internet, cloud instance metadata endpoints, or other restricted resources. The result is unauthorized information disclosure and, depending on what is reachable from the server's network, further compromise.
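The following is an added illustration, not code from the openai-realtime-ui repository or from the fixing commit: it shows the proxy pattern the advisory describes (a client-controlled URL handed directly to fetch) next to a hardened handler that allowlists the destination host and scheme and refuses to follow redirects. The route name /api/proxy and the url query parameter come from the advisory; the allowlisted host, the handler signatures, the fake fetch and the sample URLs are assumptions made for the example.

```javascript
// Added example (not the project's code). No imports are needed: URL and
// fetch are globals in Node 18+.

// Hypothetical allowlist: in a real deployment this holds only the upstream
// hosts the application genuinely needs to call.
const ALLOWED_HOSTS = new Set(['api.openai.com']);

// Vulnerable pattern as described in the advisory: the value of ?url= is
// fetched as-is, so the client chooses where the server connects.
async function vulnerableProxy(req, fetchImpl = fetch) {
  const upstream = await fetchImpl(req.query.url);
  return { status: upstream.status, body: await upstream.text() };
}

// Returns null when the target is acceptable, otherwise a rejection reason.
function validateTarget(raw) {
  let target;
  try {
    target = new URL(String(raw)); // throws on relative or malformed input
  } catch {
    return 'not a valid absolute URL';
  }
  if (target.protocol !== 'https:') return 'only https: is allowed';
  if (target.username || target.password) return 'credentials in URL not allowed';
  // The WHATWG parser already normalises forms such as 127.1 or 2130706433
  // to dotted-quad, so a simple IPv4 regex plus the IPv6 colon check is enough.
  const host = target.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':')) {
    return 'IP literal not allowed';
  }
  if (!ALLOWED_HOSTS.has(host.toLowerCase())) return `host ${host} not in allowlist`;
  return null;
}

// Hardened handler: validate first, then fetch with redirects disabled so an
// allowlisted host cannot bounce the server to an internal address.
async function hardenedProxy(req, fetchImpl = fetch) {
  const raw = req.query && req.query.url;
  const reason = validateTarget(raw);
  if (reason) return { status: 400, body: `rejected: ${reason}` };
  const upstream = await fetchImpl(new URL(String(raw)).href, { redirect: 'manual' });
  if (upstream.status >= 300 && upstream.status < 400) {
    return { status: 502, body: 'upstream redirect not followed' };
  }
  return { status: upstream.status, body: await upstream.text() };
}

// Constructed stand-in for fetch so the example runs offline: it records the
// URL it was asked for instead of opening a connection.
function makeFakeFetch() {
  const calls = [];
  const fetchImpl = async (url) => {
    calls.push(String(url));
    return { status: 200, text: async () => `fake response from ${url}` };
  };
  return { fetchImpl, calls };
}

// Runs a set of constructed probe URLs through both handlers and reports what
// each one would have connected to.
async function demo() {
  const probes = [
    'https://api.openai.com/v1/models',          // legitimate upstream
    'http://169.254.169.254/latest/meta-data/',  // cloud metadata endpoint
    'http://127.0.0.1:6379/',                    // internal service
    'https://[::1]/',                            // IPv6 loopback
    'https://2130706433/',                       // decimal form of 127.0.0.1
    'https://user:pw@api.openai.com/',           // credentials smuggled in
  ];
  const rows = [];
  for (const url of probes) {
    const vuln = makeFakeFetch();
    const hard = makeFakeFetch();
    await vulnerableProxy({ query: { url } }, vuln.fetchImpl);
    const result = await hardenedProxy({ query: { url } }, hard.fetchImpl);
    rows.push({ url, vulnerableFetched: vuln.calls[0], hardenedFetched: hard.calls[0] || '(blocked)', hardenedStatus: result.status });
  }
  return rows;
}

demo().then((rows) => console.table(rows));
```

A hostname allowlist is the minimum: it still trusts DNS, so a name on the list that resolves to a private address (or is rebound to one between check and connect) gets through. Deployments that need a stronger guarantee resolve the name themselves, reject private and link-local results, and connect to the pinned address, or run the proxy behind an egress filter that only permits the upstream host. The advisory does not describe what the fixing commit actually changed; the allowlist above is an illustration of the control it names, not a reconstruction of that patch.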

Impact

Exploitation allows an attacker to make HTTP requests from the server to internal or external resources of their choosing. This can expose sensitive data held by internal services or returned by cloud metadata endpoints and, depending on the internal environment, enable further exploitation.

Reproduction

To reproduce, send a request to the /api/proxy endpoint whose URL query parameter points to an internal service or metadata endpoint that is reachable from the server but not from the client. The server fetches the supplied URL and returns the result, demonstrating that internal resources can be accessed through the server's network.

Added: Apr 9, 2026, 12:16 AM
Updated: Apr 9, 2026, 12:16 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 8.2
remediation: 0.0
relevance: 5.5
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.