Description
SillyTavern is a locally installed user interface for interacting with text-generation large language models, image-generation engines, and text-to-speech voice models. Prior to 1.18.0, when SSO is configured, SillyTavern accepts the Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to log users in automatically. Nothing validates that these headers were set by a trusted reverse proxy rather than by the client itself. Any network client that can reach the SillyTavern port directly, bypassing the proxy, can supply these headers and authenticate as any user, including administrators, without a password. The vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). It is fixed in 1.18.0. Because the issue requires reaching the listener without going through the proxy, restricting network access to the SillyTavern port to the proxy host removes the direct-injection path for deployments that cannot upgrade immediately.
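The trust decision the advisory describes, written out as an added illustration in plain Node.js. This is not SillyTavern's own code: the header names and the sso.autheliaAuth / sso.authentikAuth keys come from the advisory, while the request objects, the sso.trustedProxies key and the function names are assumptions made for the example. The vulnerable function takes the header at face value; the hardened one first checks that the TCP peer is a configured reverse proxy.

```javascript
// Added illustration, not SillyTavern's code. Models the pre-1.18.0
// behaviour described in the advisory next to a hardened variant that
// only honours SSO headers when the request arrived from a configured
// reverse proxy.

// Header names and the sso.autheliaAuth / sso.authentikAuth keys come from
// the advisory. Node's HTTP parser exposes header names in lower case.
const SSO_HEADERS = {
  autheliaAuth: 'remote-user',           // Authelia: Remote-User
  authentikAuth: 'x-authentik-username', // Authentik: X-Authentik-Username
};

// Vulnerable: if the SSO option is on, whatever value the header carries is
// taken as the logged-in user. Nothing checks who sent the request.
function ssoUserVulnerable(req, sso) {
  for (const [option, header] of Object.entries(SSO_HEADERS)) {
    if (sso[option] !== true) continue;
    const value = req.headers[header];
    if (typeof value === 'string' && value.trim() !== '') return value.trim();
  }
  return null;
}

// Node reports IPv4 peers on a dual-stack listener as ::ffff:a.b.c.d;
// normalise so the allowlist can be written in plain dotted form.
function normalizePeer(addr) {
  if (typeof addr !== 'string' || addr === '') return null;
  const m = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i.exec(addr);
  return m ? m[1] : addr.toLowerCase();
}

// Hardened: the header is only consulted when the TCP peer is one of the
// configured proxies. sso.trustedProxies is an assumed key for this example.
function ssoUserHardened(req, sso) {
  const peer = normalizePeer(req.socket && req.socket.remoteAddress);
  const trusted = (sso.trustedProxies || []).map(normalizePeer);
  if (peer === null || !trusted.includes(peer)) return null;
  return ssoUserVulnerable(req, sso);
}

// Constructed request objects standing in for http.IncomingMessage.
function makeRequest(headers, remoteAddress) {
  return { headers, socket: { remoteAddress } };
}

// Constructed configurations: the defaults (SSO off) and Authelia enabled
// with the proxy expected on 127.0.0.1.
const SSO_DEFAULT = { autheliaAuth: false, authentikAuth: false };
const SSO_AUTHELIA = { autheliaAuth: true, authentikAuth: false, trustedProxies: ['127.0.0.1'] };

// Scenario from the advisory: a client on the network reaches the port
// directly and supplies its own Remote-User header.
function spoofDirect() {
  const req = makeRequest({ 'remote-user': 'admin' }, '203.0.113.5');
  return {
    vulnerable: ssoUserVulnerable(req, SSO_AUTHELIA), // 'admin'
    hardened: ssoUserHardened(req, SSO_AUTHELIA),     // null
  };
}

// Legitimate path: the same header arriving from the proxy.
function viaProxy() {
  const req = makeRequest({ 'remote-user': 'alice' }, '::ffff:127.0.0.1');
  return {
    vulnerable: ssoUserVulnerable(req, SSO_AUTHELIA), // 'alice'
    hardened: ssoUserHardened(req, SSO_AUTHELIA),     // 'alice'
  };
}

// With both options at their default (false) the headers are ignored.
function ssoDisabled() {
  const req = makeRequest({ 'x-authentik-username': 'admin' }, '203.0.113.5');
  return ssoUserVulnerable(req, SSO_DEFAULT); // null
}

console.log(spoofDirect(), viaProxy(), ssoDisabled());
```

The peer check closes the path the advisory describes (a client reaching the listener directly), but it only helps if the proxy itself overwrites or strips Remote-User and X-Authentik-Username on inbound client requests; a proxy that forwards client-supplied headers unchanged lets the same spoof through the front door. In container setups the peer address is usually the proxy's container IP rather than 127.0.0.1, so the allowlist has to reflect the actual network layout.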
Problem types
CWE-290: Authentication Bypass by Spoofing
CWE-306: Missing Authentication for Critical Function
CWE-346: Origin Validation Error
CWE-807: Reliance on Untrusted Inputs in a Security Decision
Product status
References
github.com/...Tavern/security/advisories/GHSA-gxx6-h3g6-vwjh