Chainlit / chainlit

Build Conversational AI in minutes ⚡️
https://docs.chainlit.io
Apache License 2.0
Files not protected when auth is enabled #1101

Open puppetm4st3r opened 5 months ago

puppetm4st3r commented 5 months ago

Describe the bug: When you have Chainlit configured with authentication, in an incognito browser you can freely access temporary audio files generated in audio assistants, just by putting the URL in the browser, like: https://192.168.0.150:8888/project/file/16745f20-dddf-4cf6-84d5-6d424635c63b?session_id=e8bafcfa-ff64-4517-bdc6-8ceddc74e89d

To Reproduce: Inspect the audio control in an authenticated Chainlit installation, copy and paste the source URL from any audio control generated by your assistant, and put the link, like https://192.168.0.150:8888/project/file/16745f20-dddf-4cf6-84d5-6d424635c63b?session_id=e8bafcfa-ff64-4517-bdc6-8ceddc74e89d, in an incognito tab or browser.

Expected behavior: Audio files are sensitive material; if auth on Chainlit is activated, then audio files must be protected in some way with the JWT token. Nice to have: temporarily generated audio file links, so that they expire x minutes after generation.

Smartphone (please complete the following information):

Not tested

narayan-h commented 2 months ago

Any update on this, chainlit? This is really a BIG risk.

qvalentin commented 1 month ago

This is a significant security concern because it allows an attacker to upload a malicious file (e.g., an HTML file with inline JavaScript) and share the /project/file URL with a victim. When the victim accesses this URL, the malicious JavaScript will execute in their context, potentially extracting sensitive data like chat history.

I have opened this pull request to address this issue.

dokterbob commented 1 month ago

Really sorry, I must have missed this issue, which was created before I joined the project. Happy to see the fix, I want to try and get this solved before the next release (1.3.0).
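Added example, not Chainlit's code and not the fix from the linked pull request: a sketch of the behaviour the report asks for (file links bound to the authenticated user and expiring after a fixed time) together with response headers that stop an uploaded HTML file from running script when its URL is opened directly. The `expires` and `sig` query parameters, the function names, the key and the 5-minute lifetime are assumptions; `authenticated_user` stands for the identity taken from an already verified JWT, or `None` when there is none.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
LINK_TTL_SECONDS = 300            # assumption: the "x minutes" from the report

# Served with every file so an uploaded .html is not rendered as an active page.
SAFE_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'; sandbox",
}

def _mac(file_id: str, user_id: str, expires: int) -> str:
    # The MAC covers file, owner and expiry, so none can be swapped in the URL.
    msg = f"{file_id}|{user_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def sign_file_link(file_id: str, user_id: str, now: Optional[float] = None) -> str:
    """Build a link that only `user_id` can use, and only until it expires."""
    issued = time.time() if now is None else now
    expires = int(issued + LINK_TTL_SECONDS)
    return f"/project/file/{file_id}?expires={expires}&sig={_mac(file_id, user_id, expires)}"

def authorize_file_request(file_id: str, expires: str, sig: str,
                           authenticated_user: Optional[str],
                           now: Optional[float] = None):
    """Return (http_status, headers) for a request to the file endpoint."""
    now = time.time() if now is None else now
    if authenticated_user is None:           # incognito tab: no valid JWT
        return 401, {}
    try:
        expires_at = int(expires)
    except (TypeError, ValueError):
        return 403, {}
    if not isinstance(sig, str):
        return 403, {}
    expected = _mac(file_id, authenticated_user, expires_at)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return 403, {}                       # other user, other file, or tampered
    if now > expires_at:
        return 410, {}                       # link was valid but has expired
    return 200, dict(SAFE_HEADERS)
```
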