제출 #812196: QuantumNous new-api 0.12.1 Authorization Bypass Through User-Controlled Key (CWE-639)정보

제목	QuantumNous new-api 0.12.1 Authorization Bypass Through User-Controlled Key (CWE-639)
설명	# Technical Details An authorization flaw in the Midjourney image relay endpoint allows an unauthenticated attacker to retrieve image content that belongs to other users. The endpoint `/mj/image/:id` is reachable without `TokenAuth`, and the handler resolves tasks via `mj_id` only (`GetByOnlyMJId`) without user ownership validation. As a result, any attacker who can obtain or guess a valid `mj_id` can directly exfiltrate another user's generated image. # Vulnerable Code File: `router/relay-router.go`, `relay/mjproxy_handler.go`, and `model/midjourney.go` Method: `RelayMidjourneyImage` and `GetByOnlyMJId` Why: In `router/relay-router.go`, `GET /mj/image/:id` is registered before the middleware application. `TokenAuth` and `Distribute` are applied only after this route registration. `RelayMidjourneyImage` calls `model.GetByOnlyMJId(taskId)`, which in `model/midjourney.go` performs `WHERE mj_id = ?` without any `user_id` binding. The execution flow directly fetches and streams the image to the unauthenticated attacker. # Reproduction 1. Save `docker-compose.yml` to spin up `calciumion/new-api:latest` with a mock Midjourney server. 2. Save `mock_mj_server.py` to simulate the Midjourney upstream. 3. Save `poc_exploit.py`. The script sets up the target and submits an imagine task as a victim to get a valid `mj_id`. 4. Then, the exploit script performs an unauthenticated `GET /mj/image/:id` request with the obtained `mj_id`. 5. Run the containers and test scripts: `docker compose up -d && python3 poc_exploit.py`. The script demonstrates stealing the image bytes without credentials from an external network perspective. # Impact - This is an unauthenticated object-level authorization bypass (IDOR) leading to sensitive data disclosure. - Any external attacker can fetch another user's Midjourney image if a valid `mj_id` is known. - Cross-tenant data isolation is fundamentally broken. - Private generated assets (designs, user-upload-derived images, potentially sensitive visual content) can be exfiltrated without requiring any valid credentials.
원천	⚠️ https://gist.github.com/YLChen-007/13974ead25fc6dac42fd7bac62fbb2df
사용자	Eric-e (UID 97581)
제출	2026. 04. 24. PM 02:16 (1 월 ago)
모더레이션	2026. 05. 22. PM 08:03 (28 days later)
상태	수락
VulDB 항목	365253 [QuantumNous new-api 까지 0.12.1 Midjourney Image Relay Endpoint router/relay-router.go RelayMidjourneyImage/GetByOnlyMJId 권한 상승]
포인트들	20

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!