Vanna AI Vanna Legacy Flask API Improper Authorization Vulnerability

A critical vulnerability has been identified in Vanna AI's Vanna application, specifically in versions through 2.0.2. The issue arises from the Legacy Flask API, which defaults to an authentication method that allows all requests without credentials. This flaw exposes over 20 API endpoints, including those for SQL execution, SQL injection, training data management, and function management, to unauthorized remote access. The vulnerability exists because the API's authentication backend, NoAuth(), fails to properly validate user credentials, leaving sensitive functionalities open to exploitation.

Impact

Exploitation of this vulnerability allows unauthorized access to all API endpoints in the legacy Flask API, bypassing authentication entirely. This could lead to unauthorized SQL execution, SQL injection, manipulation of training data, and abuse of functions that incur costs on the victim's behalf.

Reproduction

The vulnerability can be reproduced by sending requests to the Vanna Legacy Flask API endpoints without any authentication. For example, accessing the '/api/v0/get_config' endpoint will return the server configuration without requiring credentials. This can be done using tools like curl or Burp Suite.

Remediation

It is recommended to change the default authentication setting in the VannaFlaskApp to require explicit authentication. If this is not possible, a warning should be logged to alert users that the application is running with no authentication, which is unsafe for production.