Langchain-Chatchat Predictable File Identifier Vulnerability in Uploaded File Handler
Vulnerability
A vulnerability exists in Langchain-Chatchat versions up to 0.3.1.3, in the Uploaded File Handler component. The function that generates file identifiers for the OpenAI-compatible '/v1/files' API builds each identifier by base64-encoding a string made up of the purpose, date, and filename, so the identifier is deterministic and contains no randomization. An attacker who knows or can guess the upload date and filename can therefore construct a valid file identifier for any uploaded file. Exploitation of this vulnerability requires access to the local network.
Impact
This vulnerability allows for targeted access to files, enabling an attacker to read, overwrite, or delete specific files through the '/v1/files/{file_id}' endpoints. Additionally, this predictable file identification could facilitate other vulnerabilities, such as unauthorized file reads or targeted file overwrites, by providing a means to manipulate file access without detection.
Reproduction
The vulnerability can be reproduced by manually constructing file identifiers using the predictable format of 'base64(purpose/date/filename)'. Once the file identifier is created, it can be used to access, overwrite, or delete files through the corresponding API endpoints.
Remediation
To address this vulnerability, the file identifier generation function should be modified to include a unique, random component, such as a UUID, in the identifier. This change would make the identifiers less predictable and reduce the risk of unauthorized file access.
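The remediation above, sketched as an added example (not Langchain-Chatchat's own code): the deterministic scheme as this advisory describes it, next to an opaque UUID-based identifier, plus a regression check a maintainer could keep in the test suite. All function names, the "file-" prefix, the in-memory index and the sample values are assumptions made for illustration.

```python
import base64
import uuid

# Server-side index from opaque ID to storage path (in-memory stand-in, assumption).
_INDEX = {}


def legacy_file_id(purpose: str, day: str, filename: str) -> str:
    """Deterministic scheme as the advisory describes it: base64(purpose/date/filename)."""
    return base64.urlsafe_b64encode(f"{purpose}/{day}/{filename}".encode()).decode()


def new_file_id(purpose: str, day: str, filename: str) -> str:
    """Opaque ID built from a random UUID4; the storage path never appears in the ID."""
    file_id = f"file-{uuid.uuid4().hex}"
    _INDEX[file_id] = f"{purpose}/{day}/{filename}"
    return file_id


def resolve(file_id: str):
    """Map an ID to its path by lookup only; unknown IDs resolve to None."""
    return _INDEX.get(file_id)


def derivable_from_metadata(file_id: str, purpose: str, day: str, filename: str) -> bool:
    """Regression check: True if the ID can be rebuilt from upload metadata alone."""
    return file_id == legacy_file_id(purpose, day, filename)


if __name__ == "__main__":
    meta = ("assistants", "2024-01-01", "report.pdf")  # constructed sample values
    old, new = legacy_file_id(*meta), new_file_id(*meta)
    print(old, derivable_from_metadata(old, *meta))  # same ID on every run
    print(new, derivable_from_metadata(new, *meta))  # different ID on every run
    print(resolve(new), resolve(old))                # legacy-style ID is not in the index
```

Because the new identifier is resolved by lookup rather than decoded into a path, an identifier that was never issued by the server resolves to nothing.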
