GHSA-4jpm-cgx2-8h37
Flowise: Sensitive Data Leak in public-chatbotConfig
### Summary
The `/api/v1/public-chatbotConfig/:id` endpoint exposes sensitive data, including API keys, HTTP authorization headers and internal configuration, without any authentication. An attacker who knows only a chatflow UUID can retrieve credentials stored in password-type fields and HTTP headers, leading to credential theft and more.
### Details
Knowledge of the chatflow UUID is the only prerequisite; it can be obtained from embedded chat widgets, referrer headers or logs.
The `getSinglePublicChatbotConfig` function in `packages/server/src/services/chatflows/index.ts` returns the full **flowData** object without an authorization check or data sanitization.
The code carries the comment **"Safe as public endpoint as chatbotConfig doesn't contain sensitive credential"**, but **flowData** does contain sensitive data, such as:
- `type: 'password'` fields, stored in plaintext (e.g. `unstructuredAPIKey` in the S3File node)
- HTTP Authorization headers in POST / GET Requests nodes
- Internal API endpoints and webhook URLs
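The missing sanitization step described above, as an added example that is not Flowise's own code: a redaction pass a server could run over `flowData` before any unauthenticated endpoint returns it. The node layout (`data.inputs` holding values, `data.inputParams` declaring each field's `type`), the JSON-string encoding of header fields and the "name contains `header`" naming convention are assumptions modelled on the advisory's description, and the sample flowData is constructed here.

```typescript
// Added example, not Flowise project code: redact secrets from a chatflow's
// flowData before an unauthenticated endpoint returns it. The flowData shape
// below is an assumption modelled on the advisory (nodes carrying `inputs`
// values and `inputParams` metadata that marks a field's `type`).

type InputParam = { name: string; type: string };
type NodeData = { inputs?: Record<string, unknown>; inputParams?: InputParam[] };
type FlowNode = { id: string; data: NodeData };
type FlowData = { nodes?: FlowNode[]; edges?: unknown[] };

const REDACTED = "[REDACTED]";

// Header names that carry credentials; matched case-insensitively.
const SENSITIVE_HEADER_RE = /^(authorization|proxy-authorization|cookie|x-api-key)$/i;

// Redact credential-bearing entries from a headers value. The node is assumed
// to keep headers as a JSON string; anything that does not parse to a plain
// object is replaced wholesale, so an unexpected format fails closed.
function redactHeaders(value: unknown): string {
  let headers: unknown = value;
  if (typeof value === "string") {
    try {
      headers = JSON.parse(value);
    } catch {
      return REDACTED;
    }
  }
  if (headers === null || typeof headers !== "object" || Array.isArray(headers)) {
    return REDACTED;
  }
  const obj = headers as Record<string, unknown>;
  const out: Record<string, unknown> = {};
  for (const key of Object.keys(obj)) {
    out[key] = SENSITIVE_HEADER_RE.test(key) ? REDACTED : obj[key];
  }
  return JSON.stringify(out);
}

// Walk every node and blank out (1) any input whose declared type is
// "password" and (2) any input whose name mentions "header" (assumed naming
// convention, e.g. requestsPostHeaders). Returns the sanitized flowData JSON.
function sanitizeFlowData(flowDataJson: string): string {
  const flow = JSON.parse(flowDataJson) as FlowData;
  for (const node of flow.nodes ?? []) {
    const params = node.data.inputParams ?? [];
    const inputs = node.data.inputs ?? {};
    for (const name of Object.keys(inputs)) {
      const param = params.find((p) => p.name === name);
      if (param !== undefined && param.type === "password") {
        inputs[name] = REDACTED;
      } else if (/header/i.test(name)) {
        inputs[name] = redactHeaders(inputs[name]);
      }
    }
  }
  return JSON.stringify(flow);
}

// Constructed sample flowData containing the two leak paths the advisory names.
const SAMPLE_FLOW_DATA = JSON.stringify({
  nodes: [
    {
      id: "s3File_0",
      data: {
        inputParams: [
          { name: "bucketName", type: "string" },
          { name: "unstructuredAPIKey", type: "password" },
        ],
        inputs: { bucketName: "example-bucket", unstructuredAPIKey: "victim_key" },
      },
    },
    {
      id: "requestsPost_0",
      data: {
        inputParams: [
          { name: "url", type: "string" },
          { name: "requestsPostHeaders", type: "json" },
        ],
        inputs: {
          url: "https://internal.example/hook",
          requestsPostHeaders: JSON.stringify({
            Authorization: "Bearer victim_token",
            "Content-Type": "application/json",
          }),
        },
      },
    },
  ],
  edges: [],
});

console.log(sanitizeFlowData(SAMPLE_FLOW_DATA));
```

The redaction is driven by the field metadata the flow already carries (`type: 'password'`) rather than by a hard-coded list of secret field names, so new password-type inputs are covered without editing the sanitizer; the header branch deliberately fails closed when the value is not a parseable object.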
### PoC
- Add an S3 File node and set "File Processing Method" to "Unstructured".
- Enter an API key in the "Unstructured API KEY" field, or add a Requests Post node with an Authorization header.
- Save the chatflow.
`curl -s "https://localhost/api/v1/public-chatbotConfig/{CHATFLOW_UUID}"`
Response:
```
{ "flowData": "{...\"unstructuredAPIKey\":\"victim_key\"...\"requestsPostHeaders\":\"Bearer victim_token\"...}" }
```
### Impact
Affects all Flowise Cloud users with chatflows containing password-type fields or any HTTP headers, as well as self-hosted Flowise instances exposed to the internet.