POST /api/embeddings/endpoint in Odysseus is auth-gated but not admin-gated. Any non-admin user can repoint the server-wide embedding URL to attacker-controlled hosts, exfiltrating every user's chat, RAG, memory and vault text in plaintext. The same handler does no URL validation, so it doubles as SSRF.
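To make the two defects concrete, here is an added example (not Odysseus code, and not the reporter's) that models a server-wide embedding-endpoint setting with a hypothetical `User`/`ServerConfig` pair and an assumed host allow-list. The first handler reproduces the described pattern (login checked, admin role and URL unchecked); the second adds the admin gate and a URL validator that refuses non-HTTPS schemes, embedded credentials, loopback/private/link-local/metadata addresses, and any host outside the allow-list:

```python
"""Admin gating and URL validation for a server-wide embedding endpoint.

Added example, not Odysseus code. User, ServerConfig and the allow-list are
hypothetical stand-ins for whatever the real project uses.
"""
from dataclasses import dataclass, field
import ipaddress
from urllib.parse import urlsplit


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class ServerConfig:
    # Global setting: every user's chat/RAG/memory text is POSTed here for embedding.
    embedding_url: str = "https://embeddings.internal.example/v1/embed"
    # Hypothetical allow-list: hosts an admin may point the server at.
    allowed_hosts: set = field(default_factory=lambda: {"embeddings.internal.example"})


class Forbidden(Exception):
    """Caller is not permitted to change the setting."""


class InvalidEndpoint(ValueError):
    """Proposed URL fails validation."""


def update_embedding_endpoint_vulnerable(user, url, config):
    """Pattern from the report: auth-gated only, URL stored verbatim."""
    if user is None:
        raise Forbidden("login required")
    config.embedding_url = url          # any logged-in user, any URL
    return config.embedding_url


def validate_embedding_url(url, allowed_hosts):
    """Return url if it is an acceptable embedding endpoint, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise InvalidEndpoint("scheme must be https")
    if parts.username or parts.password:
        raise InvalidEndpoint("credentials in URL are not allowed")
    host = parts.hostname                # urlsplit strips [] from IPv6 literals
    if not host:
        raise InvalidEndpoint("missing host")
    try:
        ip = ipaddress.ip_address(host)  # literal IP? reject internal ranges outright
    except ValueError:
        ip = None                        # a hostname; allow-list decides below
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local
                           or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
        raise InvalidEndpoint("internal or non-routable address")
    if host not in allowed_hosts:
        raise InvalidEndpoint("host not on allow-list")
    # Note: allow-listed hostnames still resolve at request time; the HTTP
    # client should re-check the resolved address to cover DNS rebinding.
    return url


def update_embedding_endpoint_hardened(user, url, config):
    """Admin-only, and the URL must pass validation before it is stored."""
    if user is None:
        raise Forbidden("login required")
    if not user.is_admin:
        raise Forbidden("admin role required")
    config.embedding_url = validate_embedding_url(url, config.allowed_hosts)
    return config.embedding_url


def attempt(handler, user, url, config):
    """Run a handler and report the outcome as a short string."""
    try:
        handler(user, url, config)
        return "updated"
    except Forbidden:
        return "forbidden"
    except InvalidEndpoint:
        return "invalid"


if __name__ == "__main__":
    alice, root = User("alice"), User("root", is_admin=True)
    cfg = ServerConfig()
    for handler in (update_embedding_endpoint_vulnerable, update_embedding_endpoint_hardened):
        print(handler.__name__)
        for who, url in ((alice, "http://other-host.example/collect"),
                         (root, "https://169.254.169.254/latest"),
                         (root, "https://embeddings.internal.example/v2/embed")):
            print(f"  {who.name:5} {url:48} -> {attempt(handler, who, url, cfg)}")
```

The allow-list is the decisive control: scheme and literal-IP checks alone are easy to miss cases on (redirects, hostnames that resolve internally), so the validator treats them as defence in depth and leaves the final say to the configured set of hosts.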