Lobe Chat · Lobe Chat · CVE-2024-37895
**Name of the Vulnerable Software and Affected Versions**
Lobe Chat versions prior to 0.162.25
**Description**
An attacker who can successfully authenticate through SSO or an access code can obtain the real backend API key. The frontend lets the user change the base URL, and the backend then forwards a server-side request to that URL with the real API key in the request headers. The attack therefore consists of passing basic authentication, setting the base URL to an attacker-controlled address, configuring the request to be sent server-side, and reading the API key from the headers of the request that arrives at that address.
**Recommendations**
For versions prior to 0.162.25, upgrade to version 0.162.25 or later to address the issue. As a temporary workaround, restrict the ability to modify the base URL on the frontend so that an authenticated user cannot direct a server-side request to an address they control. Additionally, an outbound traffic whitelist on the backend limits the hosts to which a server-side request, and with it the API key, can be sent, which reduces the risk of exploitation.
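The root cause described above is that the backend attaches its real API key to a server-side request whose destination the user chose. The following is an added example, written for this page and not Lobe Chat's own code, of the two backend-side mitigations the recommendations name: an outbound host whitelist, and withholding the server-held key whenever the request is bound for a host not on that list. The names `ALLOWED_UPSTREAM_HOSTS`, `resolveUpstream`, `buildUpstreamHeaders` and the sample host list are assumptions for illustration.

```typescript
// Added example, not Lobe Chat's own code. Decides whether a server-side
// proxy request may carry the backend's real API key, based on where the
// request is going. All names and values here are illustrative assumptions.

// Hosts the operator trusts to receive the server-held key (constructed
// sample; a real deployment would load this from its own configuration).
const ALLOWED_UPSTREAM_HOSTS: ReadonlySet<string> = new Set(["api.openai.com"]);

interface UpstreamDecision {
  ok: boolean;            // false: refuse the request entirely
  baseURL?: string;       // normalized base URL the proxy may use
  useServerKey: boolean;  // true only when the server key may be attached
  reason?: string;
}

// True for destinations that should never be an upstream: localhost,
// loopback, link-local and RFC 1918 ranges (hostname as parsed by URL).
function isPrivateHost(hostname: string): boolean {
  const h = hostname.toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h === "::1" || h === "[::1]") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168)
  );
}

// Validates a user-supplied base URL override against the operator's
// default and the whitelist. An override to an unlisted public host is
// tolerated only with the server key withheld, so a user-chosen endpoint
// never receives it.
function resolveUpstream(userBaseURL: string | undefined, defaultBaseURL: string): UpstreamDecision {
  if (!userBaseURL || userBaseURL.trim() === "") {
    return { ok: true, baseURL: defaultBaseURL, useServerKey: true };
  }
  let url: URL;
  try {
    url = new URL(userBaseURL);
  } catch {
    return { ok: false, useServerKey: false, reason: "malformed base URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, useServerKey: false, reason: "only https upstreams are allowed" };
  }
  if (url.username || url.password) {
    return { ok: false, useServerKey: false, reason: "credentials in base URL are not allowed" };
  }
  if (isPrivateHost(url.hostname)) {
    return { ok: false, useServerKey: false, reason: "private or loopback upstream" };
  }
  const allowed = ALLOWED_UPSTREAM_HOSTS.has(url.hostname.toLowerCase());
  return {
    ok: true,
    baseURL: url.origin + url.pathname.replace(/\/+$/, ""),
    useServerKey: allowed,
    reason: allowed ? undefined : "unlisted host: server key withheld",
  };
}

// Builds headers for the proxied request. The server key is attached only
// when the decision permits it; otherwise the caller's own key (if any) is
// used, and the server-held secret never leaves the whitelist.
function buildUpstreamHeaders(decision: UpstreamDecision, serverKey: string, userKey?: string): Record<string, string> {
  const headers: Record<string, string> = { "content-type": "application/json" };
  if (decision.useServerKey) {
    headers["authorization"] = `Bearer ${serverKey}`;
  } else if (userKey) {
    headers["authorization"] = `Bearer ${userKey}`;
  }
  return headers;
}
```

The check belongs at the point where the backend builds the outbound request, after authentication has already succeeded: SSO or an access code proves the user is allowed to use the service, not that they are allowed to learn the operator's key. Rejecting non-HTTPS and private destinations closes the obvious redirect targets, but the whitelist-gated `useServerKey` flag is the control that actually removes the disclosure, because a legitimate-looking public host that is not on the list still gets no secret.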