ChatGPTNextWeb NextChat
cpe:2.3:a:nextchat:nextchat:*:*:*:*:*:*:*
- <= 2.16.1
A vulnerability exists in ChatGPTNextWeb NextChat versions through 2.16.1: the application applies a permissive Cross-Origin Resource Sharing (CORS) policy to all of its API endpoints. The CORS response headers allow every origin, every method and every request header, including sensitive ones such as Authorization, so a page on any origin can make cross-origin requests to the API and read the responses. The issue is remotely exploitable and is most serious where the NextChat instance is reachable from the public internet.
Exploitation allows cross-origin requests to the NextChat API and lets the attacking page read sensitive server responses. The most serious impact is exfiltration of server-configured API keys for upstream services such as OpenAI and Azure: a cross-origin request that supplies an attacker-chosen upstream base URL turns the server's outbound call into a Server-Side Request Forgery (SSRF), so the server contacts a host of the attacker's choosing on the attacker's behalf. Because no origin restriction is applied to state-changing operations, the same weakness also enables Cross-Site Request Forgery (CSRF).
The vulnerability can be reproduced by sending a preflight OPTIONS request to the NextChat API from an attacker-controlled origin with custom request headers and confirming that the server echoes or wildcards the origin and allows those headers. A cross-origin request can then carry a crafted 'x-base-url' header, which the server processes without validation as the upstream endpoint. The procedure can be automated with a script that, for example, uses the server as a proxy to scan internal network services or collects the API keys configured on the NextChat server.
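The preflight check described above, written out as an added example that is not NextChat project code: it builds the OPTIONS request a browser would send for a request carrying 'x-base-url', then classifies the server's CORS response headers against the permissive pattern in this advisory. The target URL, the attacker origin and both sample responses are constructed for illustration, not captured from a real server.

```typescript
// Added example (not NextChat project code). Builds a CORS preflight request and
// classifies the response headers; sample data below is constructed.

type HeaderMap = Record<string, string>;

export interface PreflightRequest {
  method: "OPTIONS";
  url: string;
  headers: HeaderMap;
}

// The preflight a browser sends before a cross-origin POST that carries a
// non-simple header such as x-base-url. `url` and `origin` are placeholders.
export function buildPreflight(url: string, origin: string, customHeaders: string[]): PreflightRequest {
  return {
    method: "OPTIONS",
    url,
    headers: {
      Origin: origin,
      "Access-Control-Request-Method": "POST",
      "Access-Control-Request-Headers": customHeaders.join(", "),
    },
  };
}

export interface CorsFinding {
  originAccepted: boolean;       // ACAO is "*" or echoes the attacker origin
  allowsCredentials: boolean;    // Access-Control-Allow-Credentials: true
  allowsAuthorization: boolean;  // Authorization explicitly listed in ACAH
  customHeaderAllowed: boolean;  // the probed header (x-base-url) passes preflight
  stateChangingAllowed: boolean; // POST/PUT/PATCH/DELETE listed in ACAM
  exploitable: boolean;          // a foreign page can send x-base-url and read the reply
}

function lowerKeys(h: HeaderMap): HeaderMap {
  const out: HeaderMap = {};
  for (const [k, v] of Object.entries(h)) out[k.toLowerCase()] = v.trim();
  return out;
}

function csv(v: string | undefined): string[] {
  return (v ?? "").split(",").map(s => s.trim().toLowerCase()).filter(s => s.length > 0);
}

export function assessPreflight(sentOrigin: string, probedHeader: string, response: HeaderMap): CorsFinding {
  const h = lowerKeys(response);
  const acao = h["access-control-allow-origin"];
  const allowHeaders = csv(h["access-control-allow-headers"]);
  const allowMethods = csv(h["access-control-allow-methods"]);
  const probed = probedHeader.toLowerCase();

  // The key-exfiltration path needs no victim cookies, so the probe is sent
  // without credentials. In that mode a browser honours "*" as a wildcard for
  // the origin and for the header list, with one exception: Authorization is
  // never covered by "*" and must be listed explicitly. (For credentialed
  // requests "*" is rejected for ACAO and treated as a literal name in ACAH.)
  const originAccepted = acao === "*" || acao === sentOrigin;
  const wildcardHeaders = allowHeaders.includes("*");
  const allowsAuthorization = allowHeaders.includes("authorization");
  const customHeaderAllowed =
    allowHeaders.includes(probed) || (wildcardHeaders && probed !== "authorization");
  const allowsCredentials = (h["access-control-allow-credentials"] ?? "").toLowerCase() === "true";
  const stateChangingAllowed =
    allowMethods.includes("*") || ["post", "put", "patch", "delete"].some(m => allowMethods.includes(m));

  return {
    originAccepted,
    allowsCredentials,
    allowsAuthorization,
    customHeaderAllowed,
    stateChangingAllowed,
    exploitable: originAccepted && customHeaderAllowed,
  };
}

// Constructed sample responses (not captured from a real server). The first
// matches the permissive configuration this advisory describes; the second is
// what a server that only serves its own origin would return.
export const PERMISSIVE_RESPONSE: HeaderMap = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
  "Access-Control-Allow-Headers": "Content-Type, Authorization, x-base-url",
  "Access-Control-Allow-Credentials": "true",
};

export const RESTRICTED_RESPONSE: HeaderMap = {
  "Access-Control-Allow-Origin": "https://chat.example.com",
  Vary: "Origin",
  "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
  "Access-Control-Allow-Headers": "Content-Type, Authorization",
};

// Usage (placeholder URL and origin):
const req = buildPreflight("https://nextchat.example/api/chat", "https://attacker.example", ["x-base-url"]);
export const SAMPLE_FINDING = assessPreflight(req.headers.Origin, "x-base-url", PERMISSIVE_RESPONSE);
```

A real probe sends `buildPreflight(...)` with curl or fetch and feeds the returned headers to `assessPreflight`; `exploitable` is true only when the attacker origin is accepted and the custom header would clear preflight, which is exactly what a browser enforces before it will send the x-base-url request at all.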
To address this vulnerability, restrict the CORS policy: validate the request Origin against an explicit allowlist and echo only a matching origin (never a wildcard), remove 'Access-Control-Allow-Credentials: true', and add CSRF protection, such as an Origin or Sec-Fetch-Site check, on state-changing API endpoints. CORS only governs what a browser lets a foreign page send and read; it does nothing about the 'x-base-url' value itself, so the server should also validate, or ignore, a client-supplied upstream URL whenever it is about to attach its own API key to the request.
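The allowlist and CSRF check recommended above, as an added example rather than NextChat's own code: `corsHeadersFor` returns CORS headers only for an allowlisted origin (echoing it exactly, with no credentials flag), and `isStateChangeAllowed` rejects state-changing requests that do not prove an allowed origin. The allowed origin is an assumed deployment value; the functions are framework-agnostic so they can be wired into a Next.js route handler or middleware.

```typescript
// Added example (not NextChat project code): allowlist-based CORS headers and
// an origin check for state-changing requests. ALLOWED_ORIGINS is assumed.

type HeaderMap = Record<string, string>;

// Exact origins permitted to call the API from a browser (assumed value).
export const ALLOWED_ORIGINS: ReadonlySet<string> = new Set(["https://chat.example.com"]);

const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Returns the CORS headers to attach, or null to attach none, in which case a
// browser refuses to expose the response to the foreign page. The origin is
// echoed exactly (never "*") and Access-Control-Allow-Credentials is omitted.
export function corsHeadersFor(origin: string | undefined): HeaderMap | null {
  if (origin === undefined || !ALLOWED_ORIGINS.has(origin)) return null;
  return {
    "Access-Control-Allow-Origin": origin,
    Vary: "Origin", // stop a shared cache from replaying one origin's headers to another
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    "Access-Control-Max-Age": "600",
  };
}

function lowerKeys(h: HeaderMap): HeaderMap {
  const out: HeaderMap = {};
  for (const [k, v] of Object.entries(h)) out[k.toLowerCase()] = v.trim();
  return out;
}

// CSRF guard: a state-changing request must demonstrate an allowed origin.
// Origin is authoritative when present; browsers omit it on some same-origin
// requests, so Sec-Fetch-Site and then Referer serve as fallbacks. A request
// carrying none of them is rejected (fail closed). Safe methods pass through.
export function isStateChangeAllowed(method: string, reqHeaders: HeaderMap): boolean {
  if (!STATE_CHANGING.has(method.toUpperCase())) return true;
  const h = lowerKeys(reqHeaders);

  const origin = h["origin"];
  if (origin !== undefined) return ALLOWED_ORIGINS.has(origin);

  const site = h["sec-fetch-site"];
  if (site !== undefined) return site === "same-origin";

  const referer = h["referer"];
  if (referer !== undefined) {
    try {
      return ALLOWED_ORIGINS.has(new URL(referer).origin);
    } catch {
      return false; // unparsable Referer is treated as foreign
    }
  }
  return false;
}
```

Non-browser clients such as curl send none of Origin, Sec-Fetch-Site or Referer, so this guard rejects them; if the API must also serve such clients, apply the check only to requests that rely on browser-attached credentials (cookies) and let bearer-token requests through, since a foreign page cannot forge an Authorization header it does not hold.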