| Titel | QuantumNous new-api 0.12.1 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| Beschreibung | # Technical Details
An authorization flaw in the Midjourney image relay endpoint allows an unauthenticated attacker to retrieve image content that belongs to other users. The endpoint `/mj/image/:id` is reachable without `TokenAuth`, and the handler resolves tasks via `mj_id` only (`GetByOnlyMJId`) without user ownership validation. As a result, any attacker who can obtain or guess a valid `mj_id` can directly exfiltrate another user's generated image.
# Vulnerable Code
File: `router/relay-router.go`, `relay/mjproxy_handler.go`, and `model/midjourney.go`
Method: `RelayMidjourneyImage` and `GetByOnlyMJId`
Why: In `router/relay-router.go`, `GET /mj/image/:id` is registered before the middleware application. `TokenAuth` and `Distribute` are applied only after this route registration. `RelayMidjourneyImage` calls `model.GetByOnlyMJId(taskId)`, which in `model/midjourney.go` performs `WHERE mj_id = ?` without any `user_id` binding. The execution flow directly fetches and streams the image to the unauthenticated attacker.
# Reproduction
1. Save `docker-compose.yml` to spin up `calciumion/new-api:latest` with a mock Midjourney server.
2. Save `mock_mj_server.py` to simulate the Midjourney upstream.
3. Save `poc_exploit.py`. The script sets up the target and submits an imagine task as a victim to get a valid `mj_id`.
4. Then, the exploit script performs an unauthenticated `GET /mj/image/:id` request with the obtained `mj_id`.
5. Run the containers and test scripts: `docker compose up -d && python3 poc_exploit.py`. The script demonstrates stealing the image bytes without credentials from an external network perspective.
# Impact
- This is an unauthenticated object-level authorization bypass (IDOR) leading to sensitive data disclosure.
- Any external attacker can fetch another user's Midjourney image if a valid `mj_id` is known.
- Cross-tenant data isolation is fundamentally broken.
- Private generated assets (designs, user-upload-derived images, potentially sensitive visual content) can be exfiltrated without requiring any valid credentials. |
|---|
| Quelle | ⚠️ https://gist.github.com/YLChen-007/13974ead25fc6dac42fd7bac62fbb2df |
|---|
| Benutzer | Eric-e (UID 97581) |
|---|
| Einreichung | 24.04.2026 14:16 (vor 1 Monat) |
|---|
| Moderieren | 22.05.2026 20:03 (28 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 365253 [QuantumNous new-api bis 0.12.1 Midjourney Image Relay Endpoint router/relay-router.go RelayMidjourneyImage/GetByOnlyMJId erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|