Medium

localai

Resource, Credit, and Disk Space Exhaustion via CSRF

detail - A Cross-Site Request Forgery (CSRF) vulnerability in LocalAI version 2.7.0 allows attackers to craft malicious webpages that, when visited by a victim, make unauthorized API calls to the victim's LocalAI instance. This can lead to resource exhaustion, credit depletion, and disk space filling. The vulnerability is structural, lacking CSRF tokens or mitigations, and was not specified as patched in the provided information.

Available publicly on Apr 01 2024

6.5

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Threat Overview

The CSRF vulnerability in LocalAI allows attackers to perform unauthorized actions on behalf of a victim without their consent. By crafting a malicious webpage that automatically submits a form to the LocalAI instance running on the victim's machine, attackers can trigger resource-intensive operations. These operations include generating a large number of images, making calls to credit-consuming models, and uploading files to fill disk space. The lack of CSRF tokens or other mitigations in the application makes it vulnerable to such attacks.

Attack Scenario

An attacker creates a webpage containing a hidden form that is automatically submitted when a victim visits the page. This form is crafted to make POST requests to the victim's LocalAI instance, triggering actions such as image generation or model loading. Since the request appears to come from the victim's own browser, LocalAI processes it as a legitimate request, leading to resource exhaustion, credit depletion, or disk space filling without the victim's knowledge.

Who is affected

Any user running an unpatched version of LocalAI (version 2.7.0) without CSRF protections is vulnerable to this attack. The attack can be carried out without direct network access to the victim's environment, making any user who visits a malicious webpage a potential victim.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.