5.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-37895

CVE-2024-37895: Lobe Chat API Key Leak

Summary

If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request.

Details

The attack process is described above.

PoC

Frontend:

Pass basic authentication (SSO/Access Code).
Set the Base URL to a private attack address.
Configure the request method to be a server-side request.
At the self-set attack address, retrieve the API Key information from the request headers.

Backend:

The LobeChat version allows setting the Base URL.
There is no outbound traffic whitelist.

Impact

All community version LobeChat users using SSO/Access Code authentication, tested on version 0.162.13.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-37895

CVE-2024-37895:

5.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@lobehub/chat	npm	< 0.162.25	0.162.25

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability combines two critical failures: 1) Unrestricted base URL modification allows SSRF (CWE-918), and 2) Sensitive API keys are included in requests to attacker-controlled endpoints (CWE-200). The first function likely handles user input for base URL without validation(), while the second function would be responsible for attaching sensitive headers to outbound requests. These would work in tandem to enable the described attack flow where authenticated users can exfiltrate credentials via modified endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-37895: Lobe Chat API Key Leak

Summary

Details

PoC

Impact

CVE-2024-37895:

5.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2024-37895: Lobe Chat API Key Leak

Summary

Details

PoC

Impact

Basic Information

Basic Information

5.7

5.7

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI