CVE-2024-11031
π TL;DR
This SSRF vulnerability in GPT Academic allows attackers to make the server request arbitrary web resources using its credentials. It affects users running version 3.83 of binary-husky/gpt_academic with the HotReload plugin enabled. Attackers can exploit this to access internal systems or external services that the server can reach.
π» Affected Systems
- binary-husky/gpt_academic
π¦ What is this software?
Gpt Academic by Binary Husky
β οΈ Risk & Real-World Impact
Worst Case
Attackers gain access to internal systems, cloud metadata services, or sensitive APIs using the server's credentials, potentially leading to data exfiltration, lateral movement, or privilege escalation.
Likely Case
Unauthorized access to internal web services or external APIs that the server can reach, potentially exposing sensitive data or allowing further exploitation.
If Mitigated
Limited impact if proper network segmentation and egress filtering are in place, restricting the server's ability to reach sensitive internal resources.
π― Exploit Status
Exploitation requires access to the vulnerable API endpoint and knowledge of the plugin functionality.
π οΈ Fix & Mitigation
β Official Fix
Patch Version: Version 3.84 or later
Vendor Advisory: https://huntr.com/bounties/d27d89a7-7d54-45b9-a9eb-66c00bc56e02
Restart Required: No
Instructions:
1. Update to version 3.84 or later. 2. Run: pip install --upgrade gpt_academic. 3. Verify the update completed successfully.
π§ Temporary Workarounds
Disable HotReload Plugin
allTemporarily disable the vulnerable plugin to prevent exploitation.
Edit configuration to remove or disable HotReload(MarkdownηΏ»θ―δΈ) plugin
Network Egress Filtering
allRestrict outbound connections from the GPT Academic server to only necessary destinations.
Configure firewall rules to limit outbound HTTP/HTTPS traffic
π§― If You Can't Patch
- Disable the HotReload(MarkdownηΏ»θ―δΈ) plugin immediately
- Implement strict network segmentation and egress filtering for the server
π How to Verify
Check if Vulnerable:
Check if running version 3.83 and if the HotReload plugin is enabled in configuration.Check Version:
python -c "import gpt_academic; print(gpt_academic.__version__)"Verify Fix Applied:
Verify version is 3.84 or later and test the vulnerable API endpoint with SSRF payloads.π‘ Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from the GPT Academic server
- Requests to internal IP addresses or cloud metadata services
Network Indicators:
- HTTP requests from GPT Academic server to unexpected destinations
- Traffic patterns matching SSRF exploitation
SIEM Query:
source="gpt_academic_logs" AND (url="*metadata*" OR url="*169.254*" OR url="*internal*" OR url="*localhost*")