GHSA-4jpm-cgx2-8h37
Flowise: Sensitive Data Leak in public-chatbotConfig
Details
### Summary
`/api/v1/public-chatbotConfig/:id `ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading to credential theft and more.
### Details
Knowledge of chatflow UUID can be obtained from embedded chat widgets, referrer headers or logs and it's the only prerequest.
`getSinglePublicChatbotConfig` function in `packages/server/src/services/chatflows/index.ts` returns the full **flowData** object without authorization check or data sanitization.
There is a comment as **"Safe as public endpoint as chatbotConfig doesn't contain sensitive credential"** but **flowData** does contain sensitive data such as:
`type: 'password'` fields are stored in plaintext (unstructuredAPIKey in S3File node). HTTP Authorization headers in POST / GET Requests nodes. Internal API endpoints and webhook URLs.
### PoC
- Add an S3 File node, set "File Processing Method" to "Unstructured". - Enter an API key in "Unstructured API KEY" field or add a Requests Post node with Authorization header. - Save the chatflow.
`curl -s "https://localhost/api/v1/public-chatbotConfig/{CHATFLOW_UUID}"`
Response:
``` { "flowData": "{...\"unstructuredAPIKey\":\"victim_key\"...\"requestsPostHeaders\":\"Bearer victim_token\"...}" } ```
### Impact
Impacts all Flowise Cloud users with chatflows containing password type fields or any HTTP headers. And self hosted Flowise instances exposed to the internet.
Are you affected?
Enter the version of the package you're using.