Coordinated Disclosure Timeline
- 2023-11-27: Vulnerability Report Submitted Via Private Vulnerability Reporting and Open Issue
- 2023-12-05: Maintainer acknowledges receipt of reports, but states they lack the resources to fix the issues. Disclosure deadline extended an extra 90 days in order to help the maintainers.
- 2024-05-22: Maintainers informed that advisories are planned to be released soon in accordance with our policy. Messages receive no response.
- 2024-06-03: Decision to release advisory due to lack of response from maintainers.
- 2024-06-27: Maintainers informed that advisories will be released on June 28, 2024.
Summary
Flowise is vulnerable to path injection, cross-site scripting, and CORS misconfiguration vulnerabilities that may compromise the confidentiality of the information on the host server. In the worst case, they may allow attackers to read files from the Flowise server and read or modify user secrets.
Project
Flowise
Tested Version
Details
Issue 1: Path Injection at /api/v1/openai-assistants-file (GHSL-2023-232)
The /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter.
    this.app.post('/api/v1/openai-assistants-file', async (req: Request, res: Response) => {
        // fileName comes straight from the request body and is joined without sanitization
        const filePath = path.join(getUserHome(), '.flowise', 'openai-assistant', req.body.fileName)
        res.setHeader('Content-Disposition', 'attachment; filename=' + path.basename(filePath))
        const fileStream = fs.createReadStream(filePath)
        fileStream.pipe(res)
    })
This vulnerability was found with the help of CodeQL.
Impact
This issue may lead to Arbitrary File Read.
Issue 2: Reflected XSS in packages/server/src/index.ts (GHSL-2023-245 - GHSL-2023-248)
Reflected XSS vulnerabilities occur in many of the API endpoints. If the default configuration is used (unauthenticated), an attacker may be able to craft a URL that injects JavaScript into the user's session, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction.
    this.app.get('/api/v1/flow-config/:id', async (req: Request, res: Response) => {
        const chatflow = await this.AppDataSource.getRepository(ChatFlow).findOneBy({
            id: req.params.id
        })
        // the unvalidated id is reflected in an HTML 404 response
        if (!chatflow) return res.status(404).send(`Chatflow ${req.params.id} not found`)
        const flowData = chatflow.flowData
        const parsedFlowData: IReactFlowObject = JSON.parse(flowData)
        const nodes = parsedFlowData.nodes
        const availableConfigs = findAvailableConfigs(nodes, this.nodesPool.componentCredentials)
        return res.json(availableConfigs)
    })
If the chatflow ID is not found, its value is reflected in the 404 page, which has the content type text/html. This allows an attacker to attach arbitrary scripts to the page and steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server.
This vulnerability is found in many endpoints in index.ts, including:
- /api/v1/chatflows/id (GHSL-2023-245)
- /api/v1/public-chatflows/id (GHSL-2023-246)
- /api/v1/chatflows-streaming/id (GHSL-2023-247)
- /api/v1/credentials/id (GHSL-2023-248)
I have linked the GET handler for each endpoint, which is immediately exploitable, but their POST, PUT, DELETE counterparts may be exploitable in the future. It is recommended that you remove all cases where data provided from the req parameter is passed to the res without sanitization.
Example:
    res.status(404).send(`Chatflow ${req.params.id} not found`)
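As an added example (not Flowise's own code), the following shows hardened forms of the two patterns above: the fileName parameter is confined to its base directory before any file is opened, and the 404 message is HTML-escaped and declared as plain text before the id is reflected. ASSISTANT_DIR is a constructed stand-in for the real getUserHome()-based path.

```typescript
import * as path from "path";

// Constructed stand-in for path.join(getUserHome(), '.flowise', 'openai-assistant').
export const ASSISTANT_DIR = path.resolve("/srv/flowise/openai-assistant");

// Hardened resolution of the fileName body parameter. Only a bare file name is
// accepted, and the resolved path must still lie inside ASSISTANT_DIR.
// Returns null for anything else (empty, non-string, "../x", "sub/x", "..").
export function resolveAssistantFile(fileName: unknown): string | null {
  if (typeof fileName !== "string" || fileName.length === 0) return null;
  // Reject anything containing a directory component or that is itself ".." / ".".
  if (path.basename(fileName) !== fileName) return null;
  const resolved = path.resolve(ASSISTANT_DIR, fileName);
  const rel = path.relative(ASSISTANT_DIR, resolved);
  // rel === "" means the base directory itself; ".." prefix or absolute means escape.
  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) return null;
  return resolved;
}

// Minimal HTML escaping for the characters that matter in text nodes and
// quoted attribute values.
export function escapeHtml(s: string): string {
  const map: Record<string, string> = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Safe replacement for `res.status(404).send(`Chatflow ${req.params.id} not found`)`:
// the id is escaped and the body is served as text/plain, so a browser will not
// interpret attacker-controlled markup even if the escaping were bypassed.
export function notFoundResponse(id: string): { status: number; contentType: string; body: string } {
  return {
    status: 404,
    contentType: "text/plain; charset=utf-8",
    body: `Chatflow ${escapeHtml(id)} not found`,
  };
}
```

In an Express handler the equivalent is `res.status(404).type('text/plain').send(notFoundResponse(req.params.id).body)`, and `resolveAssistantFile(req.body.fileName)` returning null should map to a 400 rather than a file read.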
These vulnerabilities were found with the help of CodeQL.
Impact
This issue may lead to Information Disclosure.
Issue 3: CORS Misconfiguration in packages/server/src/index.ts (GHSL-2023-234)
A CORS misconfiguration sets the Access-Control-Allow-Origin header to the wildcard *, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise, stealing information from the user.
    // Allow access from *
    this.app.use(cors())
This CORS misconfiguration may be chained with the path injection to allow attackers without access to Flowise to read arbitrary files from the Flowise server.
Impact
This issue may lead to Information Disclosure.
Credit
These issues were discovered and reported by GHSL team member @Kwstubbs (Kevin Stubbings).
Contact
You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2023-232, GHSL-2023-234, GHSL-2023-245 - GHSL-2023-248 in any communication regarding these issues.
CVE
- CVE-2024-36420
- CVE-2024-36421
- CVE-2024-36422
- CVE-2024-36423
- CVE-2024-37145
- CVE-2024-37146