Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT
Vulnerability Description
FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify that the requested application belongs to the authenticated team. This leads to cross-tenant data exposure and unauthorized execution of private AI workflows. This vulnerability is fixed in 4.14.10.4.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
FastGPT 安全漏洞
Vulnerability Description
FastGPT是labring开源的一款基于大语言模型的开源知识库问答系统。 FastGPT 4.14.10.4之前版本存在安全漏洞,该漏洞源于访问控制不当,任何经过身份验证的团队通过提供外部appId即可访问和执行属于其他团队的应用程序,可能导致跨租户数据暴露和未经授权的私有AI工作流执行。
CVSS Information
N/A
Vulnerability Type
N/A