LangGenius Dify Server-Side Request Forgery Vulnerability in ApiToolManageService

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in LangGenius Dify versions through 0.6.9. The issue resides in the ApiToolManageService component, specifically within the get_api_tool_provider_remote_schema function of the file api/services/tools/api_tools_manage_service.py. This vulnerability allows authenticated users, even with low privileges, to manipulate the url parameter and induce the server to make arbitrary HTTP GET requests. The vulnerability bypasses the application's internal SSRF protection, leaving the server open to requests to internal network resources or cloud metadata services.

Impact

Exploitation of this vulnerability allows for blind SSRF, where an attacker can make the server send requests to internal services or cloud metadata endpoints, potentially leading to unauthorized access to sensitive information or internal resources.

Reproduction

To reproduce this vulnerability, authenticate to the Dify API to obtain a valid access token and CSRF token. Then, send a GET request to the endpoint /console/api/workspaces/current/tool-provider/api/remote, including an internal URL as the url query parameter. If the internal port is open, the server will connect, retrieve data, and return a 400 error indicating an invalid parameter, confirming the connection was established. If the port is closed, the server will return a connection refused error or timeout, which can also be used to infer information about the internal network.
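The mitigation for this class of bug is to validate the destination before the server fetches a user-supplied URL: resolve the host and refuse any address in loopback, private, link-local or cloud-metadata ranges. The following is an added example of such a check written for this page; it is not Dify's code or its actual fix, the blocked ranges are this example's own assumption, and the `FAKE_DNS` fixture and `fake_resolve` helper are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address space a remote-schema fetcher should never reach. This list is this
# example's own assumption (private, loopback, link-local, CGNAT and the
# 169.254.169.254 metadata range), not Dify's configuration.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def resolve_all(host):
    """Every A/AAAA address for host via the system resolver (needs network)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return list(dict.fromkeys(ipaddress.ip_address(info[4][0]) for info in infos))

def is_safe_remote_url(url, resolve=resolve_all):
    """True only if url is http(s) and every address its host maps to is public.
    `resolve` is injectable so the policy can be unit-tested without DNS."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:  # IP literals are checked directly; names must resolve cleanly
        addrs = [ipaddress.ip_address(parsed.hostname)]
    except ValueError:
        try:
            addrs = resolve(parsed.hostname)
        except (socket.gaierror, ValueError):
            return False
    if not addrs:
        return False
    for addr in addrs:  # one bad record (e.g. split DNS) rejects the whole URL
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is really the IPv4 host
        if not addr.is_global or any(addr in net for net in BLOCKED_NETWORKS):
            return False
    return True

# Constructed DNS fixture so the example runs offline; these names are made up.
FAKE_DNS = {
    "tool.example.com": ["93.184.216.34"],
    "metadata.example.internal": ["169.254.169.254"],
    "split.example.com": ["93.184.216.34", "10.0.0.5"],
    "mapped.example.com": ["::ffff:127.0.0.1"],
}

def fake_resolve(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver has no record for {host}")
    return [ipaddress.ip_address(a) for a in FAKE_DNS[host]]
```

The check must also be applied to every redirect target, and the HTTP client should connect to the address that was validated rather than resolving the name a second time, otherwise a DNS answer that changes between check and fetch reopens the hole.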

Added: Apr 20, 2026, 8:56 AM
Updated: Apr 20, 2026, 8:56 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 6.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.