Farion1231 cc-switch CORS Misconfiguration Vulnerability in Proxy Server
Vulnerability
A cross-origin resource sharing (CORS) misconfiguration vulnerability has been identified in Farion1231 cc-switch versions through 3.12.3. The local proxy server, accessible at 127.0.0.1:15721, allows any website to send cross-origin requests. This permissive policy enables remote exploitation, as the proxy automatically injects the user's API key into forwarded requests. Consequently, a malicious website can misuse the user's AI API (such as Claude, OpenAI, or Gemini) without knowledge of the API key, requiring only a single user action: visiting the webpage.
Impact
The vulnerability allows for unauthorized cross-origin requests to the local proxy, leading to abuse of the user's AI API keys. This exploitation can result in unauthorized API usage, incurring costs for the victim, and potential exfiltration of sensitive information from AI interactions.
Reproduction
To reproduce this vulnerability, visit a webpage that exploits the CORS misconfiguration. The page can silently send requests through the cc-switch proxy, using the injected API key to access the user's AI services. This can be done by checking the proxy's health status and then sending a request to one of the AI API endpoints, such as the Claude or OpenAI completion endpoints.
Remediation
Users can update to cc-switch version 3.13.0, which addresses the CORS misconfiguration by restricting cross-origin requests to only those originating from localhost.
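An origin check of the kind this fix describes, as an added example and not cc-switch's own code: it accepts an `Origin` header only when the host is exactly `localhost` or a loopback address. The function names are hypothetical, and treating a request with no `Origin` header as a local non-browser client is an assumption.

```rust
use std::net::{IpAddr, Ipv6Addr};
fn valid_port(p: &str) -> bool {
    !p.is_empty() && p.bytes().all(|b| b.is_ascii_digit()) && p.parse::<u16>().is_ok()
}

/// True only when an Origin value names a loopback host ("null" and non-HTTP schemes fail).
pub fn is_loopback_origin(origin: &str) -> bool {
    let rest = match origin.strip_prefix("http://").or_else(|| origin.strip_prefix("https://")) {
        Some(r) if !r.is_empty() => r,
        _ => return false,
    };
    // An Origin carries no path, query, fragment or userinfo.
    if rest.contains(|c: char| matches!(c, '/' | '@' | '?' | '#') || c.is_whitespace()) {
        return false;
    }
    // Bracketed IPv6 literal such as [::1]:8080.
    if let Some(v6) = rest.strip_prefix('[') {
        return v6.split_once(']').map_or(false, |(host, tail)| {
            (tail.is_empty() || tail.strip_prefix(':').map_or(false, valid_port))
                && host.parse::<Ipv6Addr>().map_or(false, |ip| ip.is_loopback())
        });
    }
    let (host, port) = match rest.rsplit_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (rest, None),
    };
    // Exact host match only: localhost.example.com and 127.0.0.1.example.com must fail.
    port.map_or(true, valid_port)
        && (host.eq_ignore_ascii_case("localhost")
            || host.parse::<IpAddr>().map_or(false, |ip| ip.is_loopback()))
}

/// Gate applied before the key is injected and the request forwarded.
/// Assumption: a request with no Origin header comes from a local non-browser client.
pub fn should_forward(origin: Option<&str>) -> bool {
    origin.map_or(true, is_loopback_origin)
}

/// Value to echo in Access-Control-Allow-Origin (send with `Vary: Origin`); never "*".
pub fn allow_origin_value(origin: Option<&str>) -> Option<&str> {
    origin.filter(|o| is_loopback_origin(o))
}

fn main() {
    // Constructed sample Origin values.
    for o in ["http://localhost:3000", "http://[::1]:8080", "https://localhost.example.com", "null"] {
        println!("{:<32} forward={}", o, should_forward(Some(o)));
    }
}
```

Apply `should_forward` before the API key is attached: withholding the CORS response headers only stops the page from reading the reply, and a request that needs no preflight would otherwise still be forwarded upstream.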
