Horizon Alert
Summary of the vulnerability and why it matters
The Flowise platform, specifically versions up to 2.2.4, has a critical vulnerability allowing unauthenticated file uploads via an API endpoint. This could enable attackers to upload malicious files, potentially leading to remote code execution and compromise of your systems.
- Unauthenticated file upload flaw in Flowise.
- Affects core application functionality.
- Confirm relevance and assess exposure.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by sending a crafted request to the attachments API endpoint, even without authentication. By manipulating the `chatId` and `chatflowId` parameters, the attacker can bypass intended file upload restrictions. This could allow for the upload of malicious files to arbitrary locations on the server, potentially leading to remote code execution and full system compromise.
- Unauthenticated network access required.
- Uploading files via API endpoint.
- Server compromise and remote code execution.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow an unauthenticated attacker to upload arbitrary files to arbitrary directories on a Flowise instance when the local storage type is configured. This could lead to the execution of malicious code on the server, potentially compromising the entire system.
- Arbitrary files could be uploaded.
- Malicious files could be placed on the server.
- Remote code execution is a possibility.
Operational Fix
Recommended remediation, mitigation, and detection steps
This critical vulnerability in Flowise affects applications with local storage enabled on the `/api/v1/attachments` endpoint. Ownership likely falls to application or platform teams responsible for Flowise deployments, with initial steps focusing on confirming asset presence, exposure, and business criticality. Coordination with infrastructure or security teams may be needed for broader impact assessment and remediation planning.
- Confirm Flowise asset inventory and exposure.
- Identify accountable application or platform owner.
- Plan remediation based on confirmed risk.