RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same URLSafeTimedSerializer with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owners account. Version 0.22.0 fixes the issue.
Weakness
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ragflow | Infiniflow | * | 0.22.0 (excluding) |
References
- https://github.com/infiniflow/ragflow/blob/v0.20.5/api/apps/system_app.py#L214-L215
- https://github.com/infiniflow/ragflow/blob/v0.20.5/api/utils/__init__.py#L343
- https://github.com/infiniflow/ragflow/blob/v0.20.5/api/utils/api_utils.py#L378
- https://github.com/infiniflow/ragflow/commit/a3bb4aadcc3494fb27f2a9933b4c46df8eb532e6
- https://github.com/infiniflow/ragflow/security/advisories/GHSA-9j5g-g4xm-57w7
- https://github.com/infiniflow/ragflow/security/advisories/GHSA-9j5g-g4xm-57w7