Access control bypass allows unauthorized file uploads to API/R2 buckets（访问控制权限绕过允许未授权文件上传至API/R2存储桶）

### **Chatgpt-web-midjourney-proxy Version - 2.24.5**
### The website requires permission authentication to allow access, and the control console deletes the front-end restriction code
![Image](https://github.com/user-attachments/assets/7a961a38-1241-41a2-b50f-c67a6741bdde)
### In gpt-4-all, unauthorized users can upload files directly
 `POST /openapi/pre_signed `
`POST /openapi/v1/upload `
![Image](https://github.com/user-attachments/assets/ef59b152-57a4-40d3-b173-3f9dc45f1104)
![Image](https://github.com/user-attachments/assets/feb2d712-93d6-4a45-b646-c0dd7a326806)
![Image](https://github.com/user-attachments/assets/73d30d5d-095f-4a57-a6d3-7ee5397d16d7)
![Image](https://github.com/user-attachments/assets/64b26d07-c071-4f12-bfd6-038c647d5513)
![Image](https://github.com/user-attachments/assets/aa6c8037-d8dc-4a74-b5f0-08026b23275d)
### Access control bypass allows unauthorized file uploads to API/R2 buckets, which could be exploited maliciously to consume resources

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Access control bypass allows unauthorized file uploads to API/R2 buckets（访问控制权限绕过允许未授权文件上传至API/R2存储桶） #639

Chatgpt-web-midjourney-proxy Version - 2.24.5

The website requires permission authentication to allow access, and the control console deletes the front-end restriction code

In gpt-4-all, unauthorized users can upload files directly

Access control bypass allows unauthorized file uploads to API/R2 buckets, which could be exploited maliciously to consume resources

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Access control bypass allows unauthorized file uploads to API/R2 buckets（访问控制权限绕过允许未授权文件上传至API/R2存储桶） #639

Description

Chatgpt-web-midjourney-proxy Version - 2.24.5

The website requires permission authentication to allow access, and the control console deletes the front-end restriction code

In gpt-4-all, unauthorized users can upload files directly

Access control bypass allows unauthorized file uploads to API/R2 buckets, which could be exploited maliciously to consume resources

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions