PT-2025-31902 · Unknown +1 · Meilisearch +1

Joel-Sass · Published 2025-08-05 · Updated 2025-08-05 · CVE-2025-54868

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

LibreChat versions 0.0.6 through 0.7.7-rc1

Description:

LibreChat, a ChatGPT clone, contains an exposed testing endpoint that allows unauthorized access to chats stored in the Meilisearch engine. The `/api/search/test` endpoint does not enforce proper access controls, enabling the retrieval of chats belonging to arbitrary users.

Recommendations:

Update to version 0.7.7 or later.
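
One way to review reverse-proxy access logs for requests that reached the `/api/search/test` endpoint named in the description. This is an added example, not code from LibreChat or from this advisory. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```javascript
// Added example: flag requests to /api/search/test in reverse-proxy access logs.
// Assumption: logs use the common "combined" format; adjust LINE_RE otherwise.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)/;
const TARGET = '/api/search/test';

// Normalize a request target so padded, encoded or re-cased variants still match.
// Assumption: the router ignores case and a trailing slash (Express defaults).
function normalizePath(target) {
  let path = target.split('?')[0].split('#')[0];
  try { path = decodeURIComponent(path); } catch (_) { /* keep raw on bad encoding */ }
  return path.replace(/\/{2,}/g, '/').replace(/\/+$/, '').toLowerCase();
}

// Return one record per log line whose normalized path is the test endpoint.
function findHits(logText) {
  const hits = [];
  for (const line of logText.split('\n')) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that are not in the assumed format
    const [, ip, time, method, target, status, bytes] = m;
    if (normalizePath(target) !== TARGET) continue;
    hits.push({ ip, time, method, status: Number(status),
                bytes: bytes === '-' ? 0 : Number(bytes) });
  }
  return hits;
}

// Group hits per client; a 2xx status means the endpoint answered the request.
function summarize(hits) {
  const byIp = new Map();
  for (const h of hits) {
    const s = byIp.get(h.ip) || { requests: 0, answered: 0, bytes: 0 };
    s.requests += 1;
    if (h.status >= 200 && h.status < 300) { s.answered += 1; s.bytes += h.bytes; }
    byIp.set(h.ip, s);
  }
  return byIp;
}

// Constructed sample log lines (documentation-range addresses), not real traffic.
const SAMPLE_LOG = [
  '198.51.100.7 - - [05/Aug/2025:10:00:01 +0000] "GET /api/search/test?_=1 HTTP/1.1" 200 5120 "-" "x"',
  '198.51.100.7 - - [05/Aug/2025:10:00:02 +0000] "GET /API/search/test/ HTTP/1.1" 200 2048 "-" "x"',
  '203.0.113.9 - - [05/Aug/2025:10:01:00 +0000] "GET /api/search%2Ftest HTTP/1.1" 404 0 "-" "x"',
  '203.0.113.9 - - [05/Aug/2025:10:02:00 +0000] "GET /api/search?q=test HTTP/1.1" 200 900 "-" "x"',
  '192.0.2.4 - - [05/Aug/2025:10:03:00 +0000] "GET /api/search/testing HTTP/1.1" 404 153 "-" "x"',
].join('\n');

for (const [ip, s] of summarize(findHits(SAMPLE_LOG))) console.log(ip, JSON.stringify(s));
```

Clients with a non-zero `answered` count received a response from the endpoint and are the ones to follow up on; entries with only 404s are probes that did not reach it.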

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-54868
GHSA-P5J8-M4WH-FFMW

Affected Products

Librechat
Meilisearch