Serge-Chat Serge Unauthenticated Model API Access Vulnerability Allowing Disk Exhaustion and Data Loss

A vulnerability exists in the Serge-Chat application, specifically in the Model API Endpoint, within the file 'api/src/serge/routers/model.py'. All versions of Serge-Chat through 1.4TB are affected. The vulnerability arises from missing authentication on critical functions, allowing unauthenticated remote attackers to manipulate model downloads and deletions. This issue was introduced when user management was added, but the model router was not updated to require authentication. As a result, attackers can exploit this vulnerability to download large model files, delete installed models, and interfere with ongoing downloads, causing significant disruption to the application and its users.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition by exhausting server disk space with unnecessary model downloads, causing the application to crash. Additionally, the vulnerability allows for unauthorized deletion of model files, disrupting service for all users and requiring time-consuming re-downloads. The issue also interferes with legitimate downloads by authorized users.

Reproduction

To reproduce this vulnerability, first enumerate the available models by sending a request to the 'http://localhost:8008/api/model/all' endpoint. This can be done without authentication. Next, trigger a model download by sending a POST request to the 'http://localhost:8008/api/model/{model_name}/download' endpoint, replacing '{model_name}' with the name of the desired model. After initiating the download, verify the progress by checking the download status. Once the download is confirmed, cancel it by sending a POST request to the 'http://localhost:8008/api/model/{model_name}/download/cancel' endpoint. Finally, to demonstrate the disk exhaustion aspect, send simultaneous download requests for all available models, which will collectively consume approximately 1.4TB of disk space.