CVE-2025-69207: CWE-639: Authorization Bypass Through User-Controlled Key in khoj-ai khoj
CVE-2025-69207 is an authorization bypass vulnerability in khoj-ai's self-hosted AI app prior to version 2.0.0-beta.23. The flaw is an Insecure Direct Object Reference (IDOR) in the Notion OAuth callback endpoint, allowing attackers to hijack any user's Notion integration by manipulating the state parameter. Exploitation requires knowledge of the victim's UUID, which can be leaked through shared conversations containing AI-generated images. Successful exploitation enables attackers to replace victims' Notion configurations with their own, causing data poisoning and unauthorized access to the victim's Khoj search index. The vulnerability has a CVSS score of 5.4 (medium severity) and does not require privileges but does require user interaction. No known exploits are currently in the wild.
AI Analysis (machine-generated threat intelligence)
Technical Summary
Khoj-ai's khoj application integrates with Notion via OAuth to enable AI-powered search capabilities. Prior to version 2.0.0-beta.23, the OAuth callback endpoint suffers from an Insecure Direct Object Reference (IDOR) vulnerability (CWE-639). Specifically, the callback accepts a user UUID in the state parameter without verifying that the OAuth flow was legitimately initiated by that user. This lack of proper authorization checks allows an attacker who knows a victim's UUID to hijack the victim's Notion integration by manipulating the OAuth callback state parameter. The UUID can be leaked through shared conversations where AI-generated images embed or reveal this identifier. By hijacking the integration, attackers can replace the victim's Notion configuration with their own, leading to data poisoning of the victim's Khoj search index and unauthorized access to sensitive data indexed by Khoj. The vulnerability is remotely exploitable over the network with no privileges required but does require user interaction (the victim completing an OAuth flow). The flaw impacts confidentiality and availability by enabling unauthorized access and data manipulation. The vendor fixed this issue in version 2.0.0-beta.23. No public exploits have been reported to date.
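To make the authorization gap concrete, the following added example (illustrative code written for this page, not Khoj's implementation) contrasts a callback that trusts a user id carried in the OAuth state parameter with one that takes the target user from the authenticated session and only accepts an unguessable, single-use state value issued to that same session. The in-memory session and configuration stores, the session ids and the UUID strings are all constructed for the demonstration.

```python
import hmac
import secrets
from typing import Optional

# Constructed in-memory stores, not Khoj's code; they stand in for storage.
SESSIONS = {}        # session_id -> {"user_id": ..., "notion_state": ...}
NOTION_CONFIG = {}   # user_id -> Notion token saved by the callback


def vulnerable_callback(state: str, token: str) -> str:
    """Weak pattern: the user id carried in ``state`` is trusted, so any
    request with a known UUID overwrites that user's Notion configuration."""
    NOTION_CONFIG[state] = token   # state used directly as the target key
    return state


def start_oauth(session_id: str) -> str:
    """Hardened start: issue an unguessable state bound to this session."""
    state = secrets.token_urlsafe(32)
    SESSIONS[session_id]["notion_state"] = state
    return state


def hardened_callback(session_id: str, state: str, token: str) -> Optional[str]:
    """Hardened callback: the target user comes from the authenticated
    session, and ``state`` must equal the value issued to that session."""
    session = SESSIONS.get(session_id)
    if session is None:
        return None                                # not logged in
    expected = session.pop("notion_state", None)   # single use
    if expected is None or not hmac.compare_digest(expected, state):
        return None                                # missing, replayed or forged
    user_id = session["user_id"]                   # never taken from the request
    NOTION_CONFIG[user_id] = token
    return user_id


def demo() -> dict:
    """Exercise both callbacks with constructed sessions; returns outcomes."""
    SESSIONS.clear()
    NOTION_CONFIG.clear()
    SESSIONS["sess-victim"] = {"user_id": "victim-uuid"}
    SESSIONS["sess-attacker"] = {"user_id": "attacker-uuid"}
    vuln_hit = vulnerable_callback("victim-uuid", "attacker-token")
    forged = hardened_callback("sess-attacker", "victim-uuid", "attacker-token")
    state = start_oauth("sess-victim")
    legit = hardened_callback("sess-victim", state, "victim-token")
    replay = hardened_callback("sess-victim", state, "other-token")
    return {"vuln_hit": vuln_hit, "forged": forged, "legit": legit,
            "replay": replay, "config": dict(NOTION_CONFIG)}
```

In the weak pattern the request with the victim's UUID lands in the victim's configuration; in the hardened pattern the same request is rejected, the victim's own flow succeeds once, and a replay of the consumed state is refused.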
Potential Impact
For European organizations using khoj-ai's khoj application integrated with Notion, this vulnerability poses a risk of unauthorized access to sensitive internal data indexed by Khoj. Attackers could manipulate or poison search indexes, leading to misinformation or exposure of confidential information. This could disrupt business operations relying on accurate AI search results and potentially leak intellectual property or personal data. Since the attack requires knowledge of user UUIDs, organizations that share AI-generated content publicly or internally without proper controls risk leaking these identifiers. The impact extends to data integrity and availability, as poisoned data could degrade trust in AI-driven workflows. Given the medium CVSS score, the threat is moderate but significant for organizations relying heavily on Khoj for knowledge management. The lack of known exploits suggests limited current risk, but the vulnerability should be addressed promptly to prevent future attacks.
Mitigation Recommendations
European organizations should immediately upgrade khoj to version 2.0.0-beta.23 or later where the vulnerability is fixed. Until upgrading, restrict access to the OAuth callback endpoint and monitor logs for suspicious manipulation of the state parameter. Implement strict controls on sharing AI-generated content that may leak user UUIDs, including sanitizing or anonymizing shared data. Employ network segmentation and access controls to limit exposure of the Khoj application to trusted users only. Conduct regular audits of OAuth integrations and verify that authorization flows properly validate user identity. Educate users about the risks of sharing AI-generated images or conversations that might reveal sensitive identifiers. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block unusual OAuth callback requests. Finally, maintain an incident response plan to quickly address any signs of compromise related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-29T14:54:59.520Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69813002f9fa50a62f63a053
Added to database: 2/2/2026, 11:15:14 PM
Last enriched: 2/10/2026, 11:06:09 AM
Last updated: 3/25/2026, 1:29:25 AM