HKUDS LightRAG
- <= 1.5.3
A vulnerability in LightRAG prior to version 1.5.4 allows any origin to make credentialed requests to the API, exploiting a misconfiguration of Cross-Origin Resource Sharing (CORS) settings. The server defaulted to CORS_ORIGINS='*' while allowing credentials, which Starlette's CORSMiddleware interpreted as whitelisting all origins for authenticated requests. This flaw enabled malicious websites to access sensitive user data and perform destructive actions within the application.
Exploitation of this vulnerability could lead to unauthorized access to user documents and knowledge graph data, or allow for destructive actions such as deleting the entire document store.
To reproduce this vulnerability, log into LightRAG and visit a malicious website that can make API requests. The site can then silently exfiltrate documents and knowledge graph data or perform destructive actions like deleting the document store.
Users can update to LightRAG version 1.5.4 or later, where this vulnerability has been fixed.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.