AI Sec Watch

LibreChat, a ChatGPT-like application supporting multiple AI providers, has a vulnerability in versions before 0.8.4-rc1 where the 2FA backup code regeneration endpoint doesn't verify the user's identity. An attacker with a stolen session token (a credential that keeps you logged in) can regenerate a victim's two-factor authentication backup codes and use them to bypass login security or disable 2FA entirely.

LibreChat, a tool that lets users chat with multiple AI providers, had an incomplete security fix. While developers added rate limiters (controls that limit how many requests can be made in a short time) to one endpoint called /fork to stop users from duplicating conversations too quickly, they forgot to add the same protection to a similar endpoint called /duplicate, which does the same resource-heavy database work. An authenticated user (someone with a valid login) could exploit this gap by using /duplicate instead of /fork to overwhelm the server.

LibreChat, a ChatGPT-like tool that works with multiple AI providers, had a security flaw in versions before 0.8.4-rc1 where authenticated users could configure custom API endpoints without proper validation, potentially allowing them to access internal network addresses through SSRF (server-side request forgery, where a server is tricked into making requests to unintended targets).

LibreChat, a ChatGPT-like application that works with multiple AI providers, has a vulnerability in versions before 0.8.5 where it fails to validate the resource parameter from OAuth (a system for securely sharing access between applications) metadata, allowing a malicious server to steal access tokens meant for legitimate servers. This is an origin validation error (CWE-346, where the system fails to check that data comes from the expected source).

LibreChat (a ChatGPT alternative that works with multiple AI services) has a vulnerability in versions before 0.8.4-rc1 where the message deletion API endpoint doesn't properly check ownership, allowing any logged-in user to permanently delete another user's messages by providing their own conversation ID along with someone else's message ID.

LibreChat, a ChatGPT-like application that works with multiple AI providers, has a vulnerability in its image upload feature (the POST /api/files/images endpoint) that allows any logged-in user to upload files to another user's agent tools without permission. The developers had previously added permission checks to a file upload route, but forgot to add the same checks to the image upload route, making it easy for attackers to bypass the security by using images instead of regular files. This issue is fixed in version 0.8.4-rc1.

LibreChat, a ChatGPT-like application that works with multiple AI providers, has a vulnerability in how it displays formatted text (markdown) before version 0.8.4-rc1. The marked library fails to properly escape special characters in image descriptions, allowing an attacker to hide malicious code in those descriptions. When a user views the formatted text, this hidden code executes in their browser without permission.

LibreChat is a ChatGPT-like application that works with multiple AI providers. Before version 0.8.4-rc1, a file upload endpoint called POST /api/convos/import didn't have proper file size restrictions, allowing logged-in users to upload very large files that could fill up a server's storage and memory. A previous security fix added size limits to other file uploads but missed this endpoint.

A German court ruled that Google is liable for inaccurate AI search summaries, rejecting the argument that Google is merely a neutral carrier of information. The ruling clarifies that when companies use AI to rewrite and summarize content from other sources, they act as publishers and editors, making editorial decisions like traditional newspapers, rather than simply transmitting information. This legal development suggests that companies deploying AI systems bear responsibility for their accuracy, similar to how they would be liable if human employees made the same errors.