Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical vulnerability identified in n8n, an open-source workflow automation platform. An authenticated user with specific permissions could potentially exploit this flaw to access arbitrary files on the server, which may lead to a complete system compromise. The primary concern is confirming the relevance and exposure of this vulnerability within your environment.
- Authenticated users could read server files.
- Affects workflow automation, a critical business function.
- Verify if your n8n instances are affected.
Attack Path
How an attacker could exploit the issue
An attacker with authenticated access and the ability to modify workflows can inject malicious commands into the Git node's Push operation. This allows them to read sensitive files from the n8n server, potentially leading to a complete system compromise.
- Requires authenticated user access.
- Involves injecting CLI flags on Git Push.
- Can lead to server file disclosure.
Live Threat
Current exploitation, exposure, and threat context
An authenticated user with workflow modification permissions could potentially read arbitrary files from the n8n server by injecting CLI flags on the Git node's Push operation. This could lead to a full compromise of the server when supported by the advisory.
- Server files could be exposed.
- Injected CLI flags could cause leakage.
- Full server compromise may occur.
Operational Fix
Recommended remediation, mitigation, and detection steps
The n8n platform's owner or the team responsible for its infrastructure should lead the response to this vulnerability. The first step is to identify all n8n instances, confirm their reachability and business criticality, and then assign an owner for remediation planning.
- Own the issue: n8n instance owners.
- Verify first: Reachability and critical workflows.
- Action: Plan controlled updates.