AI Chat Interface Vulnerable to Cloud Credential Theft
CVE Notify is flagging a serious security flaw (CVE-2026-35486) in the popular open-source text-generation-webui, affecting versions prior to 4.3. This web interface for running Large Language Models (LLMs) ships two RAG (Retrieval-Augmented Generation) extensions, superbooga and superboogav2, that contain a critical server-side request forgery (SSRF) vulnerability. The issue stems from how these extensions fetch data from user-supplied URLs: according to CVE Notify, the URL is passed straight to requests.get() with no validation at all, meaning no scheme check, no IP filtering, and no hostname allowlist.
This lack of validation lets anyone who can submit a URL to the extension turn the server into a proxy for requests it was never meant to make. By pointing the interface at a malicious URL, an attacker can make the server fetch cloud metadata endpoints, which on many cloud platforms expose sensitive information including the IAM credentials attached to the instance, granting unauthorized access to cloud resources. The same primitive can be used to probe internal network services that are unreachable from outside, mapping the internal architecture for later attacks. Because whatever the server fetches is ingested by the RAG pipeline, the retrieved content, stolen credentials included, is effectively exfiltrated back to the attacker through that pipeline, making the compromise even more impactful.
CVE Notify confirms that this vulnerability has been addressed in version 4.3 of text-generation-webui. Users running older versions are strongly advised to update immediately to mitigate the risk of credential theft and further network compromise; until they can, disabling the superbooga extensions or restricting the server's outbound network access so it cannot reach metadata endpoints or internal services limits the exposure.
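To make the flaw concrete, the following is an added example, not code from text-generation-webui or its superbooga extensions. It places the unvalidated pattern the advisory describes (a user URL handed straight to requests.get()) next to a hardened fetch that enforces the three missing checks: an http/https scheme check, an optional hostname allowlist, and IP filtering applied to every address the host resolves to, so that metadata endpoints, loopback and RFC 1918 ranges are refused whether they appear as a literal, an IPv4-mapped IPv6 literal, or behind a DNS name. The names validate_url, safe_get, check, UnsafeURL and fake_resolver are this example's own, and FAKE_DNS is constructed data so it runs offline.

```python
"""SSRF guard for user-supplied fetch URLs.

Added example; not code from text-generation-webui or the superbooga
extensions. FAKE_DNS holds constructed answers so the example runs offline.
"""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3
Resolver = Callable[[str], Iterable[str]]


class UnsafeURL(ValueError):
    """A URL that must not be fetched on behalf of a user."""


def vulnerable_fetch(url: str) -> str:
    """The pattern the advisory describes (illustration, not project code):
    file://, localhost, 10.0.0.0/8 and http://169.254.169.254/ all go through."""
    import requests
    return requests.get(url).text


def system_resolver(host: str) -> list[str]:
    """Every address the OS resolver returns for host (A and AAAA records)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_blocked_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True for addresses a user-driven fetch must never reach: RFC 1918,
    loopback, link-local (where 169.254.169.254 lives), multicast, reserved,
    unspecified. IPv4-mapped IPv6 is unwrapped so ::ffff:169.254.169.254 is
    judged as 169.254.169.254."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_url(url: str, resolver: Resolver = system_resolver,
                 allowed_hosts: Optional[set[str]] = None) -> list[str]:
    """Scheme check, optional allowlist, then IP filtering on every address
    the host resolves to. Returns the vetted addresses or raises UnsafeURL."""
    try:
        parts = urlparse(url)
    except ValueError as exc:  # e.g. malformed IPv6 bracket syntax
        raise UnsafeURL(f"unparseable URL: {url!r}") from exc
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        raise UnsafeURL("URL has no host")
    if parts.username or parts.password:
        raise UnsafeURL("credentials embedded in URL")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise UnsafeURL(f"host not in allowlist: {host}")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = list(resolver(host))  # a name: check what it resolves to
        except OSError as exc:  # socket.gaierror is an OSError
            raise UnsafeURL(f"cannot resolve {host}") from exc
    if not addrs:
        raise UnsafeURL(f"no addresses for {host}")
    for a in addrs:
        if is_blocked_address(ipaddress.ip_address(a)):
            raise UnsafeURL(f"{host} resolves to blocked address {a}")
    return addrs


def check(url: str, resolver: Resolver = system_resolver,
          allowed_hosts: Optional[set[str]] = None) -> tuple[bool, str]:
    """Non-raising wrapper: (True, 'ok') or (False, reason)."""
    try:
        validate_url(url, resolver, allowed_hosts)
        return True, "ok"
    except UnsafeURL as exc:
        return False, str(exc)


def safe_get(url: str, resolver: Resolver = system_resolver,
             allowed_hosts: Optional[set[str]] = None, timeout: float = 10.0):
    """Hardened replacement for vulnerable_fetch. Redirects are never followed
    automatically: each hop is re-validated, because a public host can 302 to
    http://169.254.169.254/ and requests would otherwise follow it."""
    import requests  # imported here so the validator needs no network library
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(url, resolver, allowed_hosts)
        resp = requests.get(url, allow_redirects=False, timeout=timeout)
        if resp.is_redirect or resp.is_permanent_redirect:
            url = urljoin(url, resp.headers["Location"])
            continue
        return resp
    raise UnsafeURL("too many redirects")


# Constructed DNS answers (not real records) so the example runs offline.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.google.internal": ["169.254.169.254"],
}


def fake_resolver(host: str) -> list[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise socket.gaierror(f"constructed resolver has no answer for {host}")


if __name__ == "__main__":
    for u in ("https://example.com/docs.html", "file:///etc/passwd",
              "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
              "http://metadata.google.internal/computeMetadata/v1/",
              "http://[::ffff:169.254.169.254]/", "http://localhost:7860/api"):
        print(u, check(u, fake_resolver))
```

One caveat the page does not cover but a practitioner should know: validate_url resolves the name once and requests resolves it again when it connects, so a DNS rebinding attack (a name that answers with a public address first and 169.254.169.254 second) can still slip through a time-of-check/time-of-use gap. Pinning the connection to the vetted address, or enforcing the same deny-list at the network layer (an egress firewall or the cloud provider's metadata-service hardening), closes that gap; the URL check alone is necessary but not sufficient.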
What This Means For You
- Security teams overseeing AI/LLM deployments must scrutinize the network access controls and input validation of any third-party LLM interface and its extensions, particularly those that fetch external data on a user's behalf, to prevent credential exfiltration and internal network reconnaissance. At minimum, confirm that user-supplied URLs are checked for scheme, resolved address and host before being fetched, and that the host running the interface cannot reach cloud metadata endpoints or internal services it does not need.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35486 | SSRF | text-generation-webui versions prior to 4.3, superbooga and superboogav2 RAG extensions, vulnerable component: requests.get() in RAG extensions, vulnerability: fetching user-supplied URLs without validation (no scheme check, no IP filtering, no hostname allowlist), impact: access cloud metadata endpoints, steal IAM credentials, probe internal services. |
| CVE-2026-35486 | Information Disclosure | text-generation-webui versions prior to 4.3, superbooga and superboogav2 RAG extensions, vulnerability: exfiltrating fetched content through the RAG pipeline after SSRF. |